Hi,
I have this field below
and I want to use grok to get the number 427 at the end and add it to new field as type number
I did the following
grok {
match => { "name" => "%{GREEDYDATA}device: %{NUMBER:concurrentUsers}"}
}
but still get the new field named concurrentUsers as string concurrentUsers
How can I make Number type??
Quoting the grok filter documentation:
Optionally you can add a data type conversion to your grok pattern. By default all semantics are saved as strings. If you wish to convert a semantic’s data type, for example change a string to an integer then suffix it with the target data type. For example
%{NUMBER:num:int}which converts thenumsemantic from a string to an integer. Currently the only supported conversions areintandfloat.
Keep in mind that the data type of a field in an index can't ever change, so you have to reindex your current data or just start over.
I did the change in conf file with %{NUMBER:concurrentUsers:int} and still the field string cause I think the index in elasticsearch is mentioning string datatype. How can I reindex the data?
I created new index and removed the old one and now its working successfully
thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.