Field not converting to integer

Pokecallum · March 9, 2017, 3:09pm

Hi,

Can anyone see why my hour field isnt converting to an integer. But my size field is. Im not getting any obvious errors anywhere to explain why

input {
    file {
        type => "csv"
        path => "/home/callum/Desktop/test2/*.csv"
        start_position => beginning
        sincedb_path => "/dev/null"
    }
}
filter {
        csv {
            separator => ","       
            columns => ["Date","User","Size","File Type","Device Class","Device Model","File Name","Time"]
        }

        date {
            match => ["Date", "yyyy-MM-dd'T'HH:mm:ssZZ"]

        }
        mutate {
            rename => {"Date" => "Time"}
            add_field => {"hour" => "%{+HH}"}
            convert => { "hour" => "integer" }
            convert => { "Size" => "integer" }
            remove_field => ["message","path","host","type"]
            lowercase => ["Date","User","Size","File Type","Device Class","Device Model","File Name"]
        }
        
}
    output {
            elasticsearch {
                hosts => "http://localhost:9200"
                index => "b"

            }
stdout { codec => rubydebug }
    }

"User" => "callum",
"Size" => 61751,
"File Type" => "xlsx",
"Time" => "2017-02-25T13:19:03Z",
"@timestamp" => 2017-02-25T13:19:03.000Z,
"Device Class" => "removable",
"Device Model" => "sandisk cruzer blade usb device, disk drive, (standard disk drives)",
"hour" => "13",
"@version" => "1",
"File Name" => "j:my spreadsheet.xlsx"

magnusbaeck · March 9, 2017, 3:13pm

The options given to the mutate filter aren't executed in the order given. If you require a particular order you need to use multiple consecutive mutate filters.

Pokecallum · March 9, 2017, 3:25pm

Cheers !!

system · April 6, 2017, 3:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.