Kibana Maps vizualization reporting `Data view does not contain any geospatial fields`
I've got some log events to Elasticsearch (Elastic Cloud). These events go through an ingest pipeline. For some events, I'm using a (conditional) GeoIP processor that adds information about the geographical location based on an IP address. For some other events, I'm using a (conditional) Script processor to manually convert Latitude, Longitude, country name, country code etc. that come through in a log event, to a Geo field as per the ECS (Elastic Common Schema) spec.
When I try to add layer to a Map visualization in Kibana (e.g. Documents layer or Choropleth layer), I'm getting an error of Data view does not contain any geospatial fields.
The data view that I'm specifying logs-* includes events that have the geo field e.g.
"geo": {
"continent_name": "Oceania",
"region_iso_code": "AU-NSW",
"city_name": "Sydney",
"country_iso_code": "AU",
"country_name": "Australia",
"region_name": "New South Wales",
"location": {
"lon": 151.2006,
"lat": -33.8715
}
}
I'm not sure if the geo field or some of the nested fields (whether added to events by the GeoIP processor or manually via the Script processor) were indexed with the wrong type? If I look at the field types for the geo.location.lat or geo.location.lon fields, I get the following:
"fields": {
"geo": {
"object": {
"type": "object",
"metadata_field": false,
"searchable": false,
"aggregatable": false
}
},
"geo.location": {
"object": {
"type": "object",
"metadata_field": false,
"searchable": false,
"aggregatable": false
}
},
"geo.location.lat": {
"float": {
"type": "float",
"metadata_field": false,
"searchable": true,
"aggregatable": true
}
}
}
I've tried several things including specifying a different target field (e.g. geox) in my GeoIP processor that would get indexed separately, but this field ends up with the same field types and I still get the Data view does not contain any geospatial fields error when trying to create my map visualization...
How do I get this to work?
Elasticsearch's dynamic mapping is not able to detect geospatial fields. You will need to manually map your latitude and longitude values as a geo_point field.
If you do not want to reindex your data, you can create a runtime geo_point field that can be used in Maps (as long as you are in a later version, like 8.7).
- What is the use case for index closing in ElasticSearch?
- opensearch-py not accepting connection with AWS signer on async client
- elasticsearch query nested array of objects
- ElasticSearch: Unassigned Shards, how to fix?
- get elasticsearch schema via commandline tool
- What happened to elasticsearch/elasticsearch?
- Elasticsearch:how to change cluster health from yellow to green
- ConnectionError when initializing BM25Assembler in DB-GPT
- Configuring ElasticSearch SSL and Python Querying, Certificates Question
- How different types of indexes are stored in elastic search?
- Elasticsearch synonyms for index analyzer
- Could not connect Logstash to Kafka via compose file
- Kafka Elasticsearch Sink Connector: Connection Error
- How to set track_total_hits in Elasticsearch using Laravel Scout?
- how to query opensearch with built-in script knn_score?
- Best Way To Update Custom Resources (CR) Using An Operator
- How to resolve ElasticSearch Library Dependency Error
- Elastic Agent how to ingest AWS Glue metrics
- How to get a list of Elasticsearch indices sorted by name?
- ElasticSearch Healthcheck on docker-compose failing
- illegal_argument_exception","reason":"Unknown filter type [phonetic] for [phonetic]
- LTR logs missing when using the rescore block in OpenSearch
- How do I enable remote access/request in Elasticsearch 2.0?
- _meta field in elasticsearch usage?
- ES / JVM Memory Locking in Unpriv. Linux Container (LXD/LXC)
- Kibana use "kibana" user instead "kibana_system"
- Specify which fields are indexed in ElasticSearch
- Elasticsearch how to remove a field while reindexing
- gatling & elastic : invalid basic authentication header encoding
- Delete all index with similary name