Change Field type from keyword to integer

PieterF · August 29, 2018, 9:13am

Hi There,

We use elasticsearch 5.6 with logstash,filebeat and kibana to search through the iis logs.
We have a filebeat index that already is used but the Time Taken is not a number in Kibana.
The "Time Taken property is mapped as a keyword.
We have setup in logstash a grok filter with %{NUMBER:Time-Taken but it stil is seen as a keyword..

I have changed the grok filter to %{NUMBER:Time-Taken:int but its not changing in kibana.
Do I need to restart logstash to have these changes to work?

Do you have any other ideas what i can do?

tomoncle · August 29, 2018, 9:42am

I had the same problem. Filebeat data convert filed string to number on elasticsearch

Christian_Dahlqvist · August 29, 2018, 9:49am

The casting in Logstash just affects how it is represented in the JSON document sent to Elasticsearch. The mappings and index templates in Elasticsearch determines how this data is indexed and interpreted. As you can not change mappings for existing indexes, this change will only apply to new indices.

Topic		Replies	Views
Unable to change type string to int (logstash -> es) Elasticsearch	2	707	July 13, 2018
Change type field in logstash Logstash	2	1480	November 17, 2019
How can convert field to int, float Logstash	8	11045	July 6, 2017
Field turns into text in elasticsearch after being mapped as INT in grok and being mutated into integer Logstash	5	2161	January 18, 2018
Logstash convert string field to number Logstash	6	6461	January 15, 2018

Change Field type from keyword to integer

Related topics