How to use logstash to change the field type of winlogbeat data

Hi,
I want to change the field type from string to number of event_data collected through winlogbeat.
I have tried mutate way, but it's not working. Please tell me how to do it and how to reindex the data as well
My config file is
input {
beats {
port => 5044
}
}

filter {
mutate {
convert => {
"event_data.BootTime" => "integer"
}
}
}

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

You won't be able to change the type if the index has already been created with one type. You need to re-index as you say:

https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html

while creating new index, i am getting this error "Gateway Timeout "

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.