How can convert field to int, float

cmorell · May 10, 2016, 7:49pm

Hello,

I'm starting to use ELK, but I have a problem to convert fields... always, all the fields types are string.

Here an example of log line:

2016-05-10 19:44:37 123 12 199

and here logstash config file:

input { file { type => "platform" path => "/home/vagrant/platform.log" start_position => beginning } } filter { if [type]=="platform" { grok { match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:id:int} %{NUMBER:platform_type:int} %{NUMBER:value:int}"] } mutate { convert => { "value" => "integer" "platform_type" => "integer" "id" => "integer" } } } } output { elasticsearch { hosts => ["localhost:9200"] index => "platform-%{+YYYY-MM-dd}" } }

and when I test it, using

curl -XGET 'http://localhost:9200/platfrom-*'

return

{"platfrom-2016-05-10":{"aliases":{},"mappings":{"platfrom":{"properties":{"@timestamp":{"type":"date","format":"strict_date_optional_time||epoch_millis"},"@version":{"type":"string"},"host":{"type":"string"},"id":{"type":"string"},"message":{"type":"string"},"path":{"type":"string"},"platfrom_type":{"type":"string"},"timestamp":{"type":"string"},"type":{"type":"string"},"value":{"type":"string"}}}},"settings":{"index":{"creation_date":"1462902506058","number_of_shards":"5","number_of_replicas":"1","uuid":"qs60O-FRSzO5rGv2E0nEzQ","version":{"created":"2030299"}}},"warmers":{}}}

All fields are strings...

I don't know what I am doing bad, can anyone help me?

Thanks

warkolm · May 11, 2016, 6:06am

Ideally, you should be setting this in ES as well via a mapping or a template.

fbaligand · May 11, 2016, 7:51am

To me, your logstash configuration is nice.
And normally, you have not to add "mutate" filter, since in grok filter, you already convert fields to int using :int.

To be sure that your conversion is correct, you can add this output :

output {
  stdout { codec => rubydebug }
}

If it is correct, you see id => 1
If it is not correct, you see id => "1"

That said, you have to know that elasticsearch index defines its mapping using first document.
So I invite you to :

drop index, put a document using logstash, and verify that new index has good mapping
check that there is nothing elsewhere (in your logstash pipeline or elsewhere) that create documents with int fields as a string.

krish · February 17, 2017, 8:09am

its not working for me too i used both types of config (i.e) {number:num:int} and mutate any suggestions or ideas .pls..

fbaligand · February 17, 2017, 8:30am

Did you try the following output configuration to check that Logstash does the conversion right ?
Because maybe your problem is not Logstash conversion but elasticsearch mapping.

warkolm · February 17, 2017, 8:57am

Please start your own thread, this one is super old.

krish · February 17, 2017, 9:45am

how to do that? im new to it can you help me??

fbaligand · February 17, 2017, 7:37pm

Go here : https://discuss.elastic.co/c/logstash
Click "New Topic" button

Topic		Replies	Views
How to change the datatype of field in elastic search Logstash	9	10509	July 6, 2017
Changing field types Elasticsearch	9	4523	July 5, 2017
Convert from string to integer Logstash	5	2377	July 6, 2017
Unable to change type string to int (logstash -> es) Elasticsearch	2	669	July 13, 2018
Supported field types? Logstash	5	9618	July 6, 2017

How can convert field to int, float

Related Topics