Compatible field type

theo1991 · July 19, 2019, 8:24am

Hi everybody,

I want to use visualizations in Kibana and it went right until I want to use specific fields.
I want to count the number of events in my logs, which are at the field event_count.
In my grok filter, the event_count is : %{NUMBER:event_count}.
But when I look at Elasticsearch, here is the output of the index :

 "event_count": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },

How could it be possible ? I have no _grokparsefailure, and when I look at the other fields, all the fileds which I have declared as NUMBER in my grok filter have also this text type index.

Thank you

Badger · July 19, 2019, 12:51pm

Use %{NUMBER:event_count:int} or %{NUMBER:event_count:float}. Once you start ingesting into a new index they will have numeric type.

theo1991 · July 19, 2019, 1:40pm

Thank you !

system · August 16, 2019, 1:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.