Import geospatial data

edit

Import geospatial data

edit

To import geospatical data into the Elastic Stack, the data must be indexed as geo_point or geo_shape. Geospatial data comes in many formats. Choose an import tool based on the format of your geospatial data.

When you upload GeoJSON or delimited files in Kibana, there is a file size limit, which is configurable in Advanced Settings.

Security privileges

edit

The Elastic Stack security features provide roles and privileges that control which users can upload files. You can manage your roles, privileges, and spaces in Stack Management in Kibana. For more information, see Security privileges, Kibana privileges, and Kibana role management.

To upload GeoJSON files and draw features in Kibana with Maps, you must have:

  • The all Kibana privilege for Maps
  • The all Kibana privilege for Index Pattern Management
  • The create and create_index index privileges for destination indices
  • To use the index in Maps, you must also have the read and view_index_metadata index privileges for destination indices

To upload delimited files (such as CSV, TSV, or JSON files) on the Kibana home page, you must also have:

  • The all Kibana privilege for Discover
  • The manage_pipeline or manage_ingest_pipelines cluster privilege
  • The manage index privilege for destination indices

Upload delimited files with latitude and longitude columns

edit

On the Kibana home page, you can upload a file and import it into an Elasticsearch index with latitude and longitude columns combined into a geo_point field.

  1. Go to the Kibana home page and click Upload a file.
  2. Select a file in one of the supported file formats.
  3. Click Import.
  4. Select the Advanced tab.
  5. Set Index name.
  6. If a combined geo_point field is not created automatically, click Add combined field, then click Add geo point field.
  7. Fill out the form and click Add.
  8. Click Import.

Upload a GeoJSON file

edit

Upload GeoJSON indexes GeoJSON features as a geo_point or geo_shape.

  1. Create a new map.
  2. Click Add layer.
  3. Select Upload GeoJSON.
  4. Use the file chooser to select a GeoJSON file.
  5. Click Import file.

Draw features in a map

edit

Upload features into Elasticsearch by drawing lines, polygons, circles, bounding boxes, and points in a map.

To create a new index for drawing:

  1. Create a map.
  2. Click Add layer.
  3. Select Create index.
  4. Set Index name.
  5. Click Create index.

To open an existing index for drawing:

  1. Create a map.
  2. Click Add layer.
  3. Select Documents.
  4. Select the index pattern that points to your index. A index pattern can point to one or more indices. For feature editing, the data view must point to a single index.
  5. Click Add layer.
  6. Set Scaling to Limit results to 10,000.
  7. In Filtering:

    • Clear the Apply global search to layer data checkbox.
    • If your data view contains a default time field, clear the Apply global time to layer data checkbox.
  8. Click Save & close.
  9. In the legend, click the layer name and select Edit features.

When feature editing is open, a feature editing toolbox is displayed on the left side of the map.

drawing layer

To draw features:

  1. Click on the line, polygon, circle, bounding box, or point icon.
  2. Move the mouse cursor over the map and follow the on screen instructions to draw a feature.

    When a feature is complete, the feature is added to the index as a new document.

  3. Repeat to draw additional features.
  4. When you are finished adding features, go to the legend, and click Exit under the layer name.

Upload data with IP addresses

edit

The GeoIP processor adds information about the geographical location of IP addresses. See GeoIP processor for details. For private IP addresses, see Enriching data with GeoIPs from internal, private IP addresses.

Upload data with GDAL

edit

GDAL (Geospatial Data Abstraction Library) contains command line tools that can convert geospatial data between 75 different geospatial file formats and index that geospatial data into Elasticsearch. See Ingest geospatial data into Elasticsearch with GDAL for details.