I have do three actions,
- I saw a similar issue and split the add_field and convert into two mutates function.
-
using the convert code format as you mentioned.
mutate { add_field => { "container1" => "%{[ELKDN][0]}" } add_field => { "peakvalue1" => "%{[ELKPV1][0]}" "peakvalue2" => "%{[ELKPV1][1]}" "peakvalue3" => "%{[ELKPV1][2]}" "peakvalue4" => "%{[ELKPV1][3]}" } } mutate { convert => { "peakvalue1" => "float" "peakvalue2" => "float" "peakvalue3" => "float" "peakvalue4" => "float" } -
when the data fed completely, refresh the log pattern
Then, the convert is working well !!!!!!!!!!! it blocks me a long time!.
