Hi,
I need to create an index for elasticsearch from logstash, but the fields number it's saved as String in elasticsearch.
This is my log:
2019-12-08#22:19:04#2019120822190431913#2019-12-08T22:19:04.898+01:00#servidor#BLOWE#services_test#TQWE2019120822190421513d#GZUTZRQU18MZIQA#AABBCCDDEEE#ABCDEF5#645#386#0#1031#
This is my grok:
%{DATA:date}#%{DATA:hour}#%{DATA:date2}#%{DATA:date3}#%{DATA:server}#%{DATA:web}#%{DATA:services}#%{DATA:traza}#%{DATA:op}#%{DATA:orden}#%{DATA:bene}#%{NUMBER:time_1}#%{NUMBER:time_2}#%{NUMBER:time_3}#%{NUMBER:time_total}#
Output:
{
"date": [
[
"2019-12-08"
]
],
"hour": [
[
"22:19:04"
]
],
"date2": [
[
"2019120822190431913"
]
],
"date3": [
[
"2019-12-08T22:19:04.898+01:00"
]
],
"server": [
[
"servidor"
]
],
"web": [
[
"BLOWE"
]
],
"services": [
[
"services_test"
]
],
"traza": [
[
"TQWE2019120822190421513d"
]
],
"op": [
[
"GZUTZRQU18MZIQA"
]
],
"orden": [
[
"AABBCCDDEEE"
]
],
"bene": [
[
"ABCDEF5"
]
],
"time_1": [
[
"645"
]
],
"BASE10NUM": [
[
"645",
"386",
"0",
"1031"
]
],
"time_2": [
[
"386"
]
],
"time_3": [
[
"0"
]
],
"time_total": [
[
"1031"
]
]
}
I don't understand why send BASE10NUM with 4 numbers and time_1, time_2, time_3 and time_total and this values are saved as String