Hello everyone!
I'm using an ELK stack to analyze my nginx acces logs. My grok pattern is:
%{IPORHOST:clientip} %{NGUSER:ident} %{NGUSER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} (?:%{NUMBER:bytes}|-) (?:"(?:%{URI:referrer}|-)"|%{QS:referrer}) %{QS:agent} "-" "%{NUMBER:response_time}"
The data is retrieved and stored within elastic search. When I try to use the stats modules of Kibana, it fails because the bytes field is not numeric:
[Facet [stats]: field [bytes] isn't a number field, but a string]
Is there any way to tell Logstash to store some data as numeric? The mapping is currently set to string.
Thanks!