Change filed type from string to number

Parthgandhi · May 4, 2018, 12:19pm

Hi,
I have below GROK parse used for filtering IIS logs. It seems to be working fine except for certain fields(like SC-Bytes, CS-Bytes, etc) are coming as string and not numbers. How do i change this to number?

match => { "message" => "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:S-SiteName} %{NOTSPACE:S-ComputerName} %{IPORHOST:S-IP} %{WORD:CS-Method} %{URIPATH:CS-URI-Stem} (?:-|\"%{URIPATH:CS-URI-Query}\") %{NUMBER:S-Port} %{NOTSPACE:CS-Username} %{IPORHOST:C-IP} %{NOTSPACE:CS-Version} %{NOTSPACE:CS-UserAgent} %{NOTSPACE:CS-Cookie} %{NOTSPACE:CS-Referer} %{NOTSPACE:CS-Host} %{NUMBER:SC-Status} %{NUMBER:SC-SubStatus} %{NUMBER:SC-Win32-Status} %{NUMBER:SC-Bytes} %{NUMBER:CS-Bytes} %{NUMBER:Time-Taken}"}

Badger · May 4, 2018, 12:29pm

Use %{NUMBER:SC-Bytes:int}

system · June 1, 2018, 12:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.