Hi guys,
I am using the panw module on filebeat to pass log to logstash then pass to Elasticsearch.
Then I added 1 more extract field in the "/usr/share/filebeat/module/panw/panos/config/input.yml" but the default type appeared on Elasticsearch is string and I would like to change it to Integer. May I know where to change this setting?.
I hope adding like below at the end of input.yml under '-convert' operation can solve the problem. otherwise you can change the data type from index template in elasticsearch or using custom pipeline in logstash.
I tried to add this at the end {from: ABC, to: ABC, type: integer}, but the type is still text....
BTW may I know by changing the index template, will also update those indexed data? or only affect the future incoming data?
Ok. To update the old logs you've to re-index the document which is a slow process for large set of documents.
May I know what is the location that define the field type for filebeat modules? The convert comamnd seems not working..
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.