We use elasticsearch 5.6 with logstash,filebeat and kibana to search through the iis logs.
We have a filebeat index that already is used but the Time Taken is not a number in Kibana.
The "Time Taken property is mapped as a keyword.
We have setup in logstash a grok filter with %{NUMBER:Time-Taken but it stil is seen as a keyword..
I have changed the grok filter to %{NUMBER:Time-Taken:int but its not changing in kibana.
Do I need to restart logstash to have these changes to work?
The casting in Logstash just affects how it is represented in the JSON document sent to Elasticsearch. The mappings and index templates in Elasticsearch determines how this data is indexed and interpreted. As you can not change mappings for existing indexes, this change will only apply to new indices.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.