How to mutate convert field in Json file input

Elastic Stack Logstash
1

Hi,

I am reading Json file and trying to mutate/convert some fields to float for example , but its not working for me.
Its seems that i am missing the right way doing so ,below i have my config file and json example structure
Please advise
Thanks

=========config file===========
input{
exec{
command => "C:/dst/smbtest.json"
codec => json
interval => 180
}
}
filter{
mutate{
#convert => { "frame.time_relative" => "float" }
convert => {"[_index]{[_source]{[layers][frame.time_relative]}}}" => "float"}
}

    }
    output{
      stdout{codec => json}
    }

==========json file===================================================
[
{
"_index": "packets-2017-05-22",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame.number": ["26"],
"frame.time_relative": ["1.560480000"],
"ip.src": ["172.23.136.73"],
"ip.dst": ["172.23.254.88"],
"tcp.flags.syn": ["1"],
"tcp.flags.ack": ["0"]
}
}
}

  ,
  {
    "_index": "packets-2017-05-22",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "frame.number": ["27"],
        "frame.time_relative": ["1.560558000"],
        "ip.src": ["10.10.1.1"],
        "ip.dst": ["172.23.254.88"],
        "tcp.flags.syn": ["1"],
        "tcp.flags.ack": ["0"]
      }
    }
  }

  ,
  {
    "_index": "packets-2017-05-22",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "frame.number": ["28"],
        "frame.time_relative": ["1.560616000"],
        "ip.src": ["172.23.136.73"],
        "ip.dst": ["172.23.254.88"],
        "tcp.flags.syn": ["1"],
        "tcp.flags.ack": ["0"]
      }
    }
  }
]
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.