Trying to parse and use in another field the geoip.asn value as follows:
geoip {
default_database_type => "ASN"
source => "dst"
}
mutate {
add_field => [ "[dst_asn]", "%{geoip.asn}" ]
# remove_field => [ "geoip" ]
}
Here is my respective index template field declaration:
"dst_asn": {"type": "integer"},
However, for some values I get the following error:
[2018-11-07T14:19:17,716][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"my_index_raw_data-2018.11.07", :_type=>"_doc", :_routing=>nil}, #<LogStash::Event:0x5c30a50a>], :response=>{"index"=>{"_index"=>"my_index_raw_data-2018.11.07", "_type"=>"_doc", "_id"=>"Kcsc7mYBo99I6PWl0CVS", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [dst_asn]", "caused_by"=>{"type"=>"number_format_exception", "reason"=>"For input string: \"%{[geoip][asn]}\""}}}}}