Field not converting to integer

Hi,

Can anyone see why my hour field isnt converting to an integer. But my size field is. Im not getting any obvious errors anywhere to explain why

input {
    file {
        type => "csv"
        path => "/home/callum/Desktop/test2/*.csv"
        start_position => beginning
        sincedb_path => "/dev/null"
    }
}
filter {
        csv {
            separator => ","       
            columns => ["Date","User","Size","File Type","Device Class","Device Model","File Name","Time"]
        }

        date {
            match => ["Date", "yyyy-MM-dd'T'HH:mm:ssZZ"]

        }
        mutate {
            rename => {"Date" => "Time"}
            add_field => {"hour" => "%{+HH}"}
            convert => { "hour" => "integer" }
            convert => { "Size" => "integer" }
            remove_field => ["message","path","host","type"]
            lowercase => ["Date","User","Size","File Type","Device Class","Device Model","File Name"]
        }
        
}
    output {
            elasticsearch {
                hosts => "http://localhost:9200"
                index => "b"

            }
stdout { codec => rubydebug }
    }

"User" => "callum",
"Size" => 61751,
"File Type" => "xlsx",
"Time" => "2017-02-25T13:19:03Z",
"@timestamp" => 2017-02-25T13:19:03.000Z,
"Device Class" => "removable",
"Device Model" => "sandisk cruzer blade usb device, disk drive, (standard disk drives)",
"hour" => "13",
"@version" => "1",
"File Name" => "j:my spreadsheet.xlsx"

The options given to the mutate filter aren't executed in the order given. If you require a particular order you need to use multiple consecutive mutate filters.

Cheers !!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.