Hi guys,
I am using the panw module on filebeat to pass log to logstash then pass to Elasticsearch.
Then I added 1 more extract field in the "/usr/share/filebeat/module/panw/panos/config/input.yml" but the default type appeared on Elasticsearch is string and I would like to change it to Integer. May I know where to change this setting?.
I hope adding like below at the end of input.yml under '-convert' operation can solve the problem. otherwise you can change the data type from index template in elasticsearch or using custom pipeline in logstash.
I tried to add this at the end {from: ABC, to: ABC, type: integer}, but the type is still text....
BTW may I know by changing the index template, will also update those indexed data? or only affect the future incoming data?
Ok. To update the old logs you've to re-index the document which is a slow process for large set of documents.
May I know what is the location that define the field type for filebeat modules? The convert comamnd seems not working..
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.