I try to load json-structured logs using filebeat into kibana.
it parses OK, but some values are numeric with very large numbers.
filebeat complains that
Value [40000000000000000000] is out of range for a long"}}, dropping event

I was trying to force such field to be "double" and not "long" but it ignores the setting.

my "fields.yml" contains:

- key: getlogs
  title: Getlogs Results
  fields:
  - name: amount
    type: double

how can I make it work?
(either recognize this field definition, or change the default numeric type to "double")

fields.yml still doesn't work, but I found I can do it in filebeat configuration:

processors:
- convert:
    fields:
      - { from: amount, type: double }

Editing fields.yml directly does not work, unless you rebuild the whole package. Using processors solves the problem, but the optimal solution is to use append_fields to load your fields configuration.

You have to configuration setup.template.append_fields and reload the index template. Ref: Configure Elasticsearch index template loading | Filebeat Reference [7.17] | Elastic

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.