Change Field type from keyword to integer

PieterF · August 29, 2018, 9:13am

Hi There,

We use elasticsearch 5.6 with logstash,filebeat and kibana to search through the iis logs.
We have a filebeat index that already is used but the Time Taken is not a number in Kibana.
The "Time Taken property is mapped as a keyword.
We have setup in logstash a grok filter with %{NUMBER:Time-Taken but it stil is seen as a keyword..

I have changed the grok filter to %{NUMBER:Time-Taken:int but its not changing in kibana.
Do I need to restart logstash to have these changes to work?

Do you have any other ideas what i can do?

tomoncle · August 29, 2018, 9:42am

I had the same problem. Filebeat data convert filed string to number on elasticsearch

Christian_Dahlqvist · August 29, 2018, 9:49am

The casting in Logstash just affects how it is represented in the JSON document sent to Elasticsearch. The mappings and index templates in Elasticsearch determines how this data is indexed and interpreted. As you can not change mappings for existing indexes, this change will only apply to new indices.

system · September 26, 2018, 9:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to change the datatype of field in elastic search Logstash	9	10511	July 6, 2017
Changed field to integer Kibana	3	790	July 6, 2017
Converting type of a field in Elasticsearch Slow Logs scraped by filebeat Beats filebeat	1	246	June 18, 2020
Field turns into text in elasticsearch after being mapped as INT in grok and being mutated into integer Logstash	5	1965	January 18, 2018
Change datatype for responsetimemillis field from String to Number Elasticsearch	6	754	July 5, 2017

Change Field type from keyword to integer

Related topics