Hello!
I facing an issue with my grok format pattern even though i managed to change the type of the bytes log field to numbers (this type will be used for better Kibana visualizations) some of logs have the bytes field filled with "-". So that they fail .
How will i be able to change the "-" into 0 so that i can finish my visuals.
Thanks in Advance.
Have a nice Day!
You can alter the value or replace while ingestion itself using mutate filter in Logstash.
Try it out. This URL will give you some idea.
Thank you for the immediate respone. My configuration consists of just Elastic and Kibana
Is there any way converting it to 0 without Logstash?
Thanks!!
One way of doing it is via processor's in Elasticsearch ingest pipelines.
Below is the URL which can help you.
Have tried this one
"set" : {
"if" : "ctx.bytes == '-'",
"field" : "bytes",
"value" : 0
},
And it didnt work...in my kibana index pattern it shows a number field though all "-" fail to be parsed.
is there any other approach or did my approach was wrong?
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.