I am getting this message on the top of kibana when I filter on a boolean value
"Discover: Boolean scripted fields must return true or false"
I have deleted all the data and only have two documents in the index.
I have logstash add a value of true or false to a field called "[proxied][connection]"
My mapping is correct also
"proxied": {
"properties": {
"as_org": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"asn": {
"type": "long"
},
"connection": {
"type": "boolean"
},
I even added a convert in logstash to see if it would fix it and it still gives me the error in kibana when i try and use that filter
mutate {
add_field => {
"[proxied][connection]" => "true"
}
convert => { "[proxied][connection]" => "boolean" }
}
I am pounding my head trying to figure this out, anyhelp would be appreciated.