Compatible field type

theo1991 · July 19, 2019, 8:24am

Hi everybody,

I want to use visualizations in Kibana and it went right until I want to use specific fields.
I want to count the number of events in my logs, which are at the field event_count.
In my grok filter, the event_count is : %{NUMBER:event_count}.
But when I look at Elasticsearch, here is the output of the index :

 "event_count": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },

How could it be possible ? I have no _grokparsefailure, and when I look at the other fields, all the fileds which I have declared as NUMBER in my grok filter have also this text type index.

Thank you

Badger · July 19, 2019, 12:51pm

Use %{NUMBER:event_count:int} or %{NUMBER:event_count:float}. Once you start ingesting into a new index they will have numeric type.

theo1991 · July 19, 2019, 1:40pm

Thank you !

system · August 16, 2019, 1:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extracting a value(Integer) from the logs and plotting it in kibana VS time Logstash	4	2204	July 6, 2017
Logstash could not index event to Elasticsearch Logstash	4	876	December 3, 2020
Fields not being categorized properly Kibana	8	627	March 2, 2018
Logstash 5.2 and specifying primitive types Logstash	3	333	September 11, 2018
GROK NUMBER field type creating field as string and not number Logstash	2	9789	September 27, 2017

Compatible field type

Related topics