Hello ALL,
I'm working with Logstash and Elasticsearch. I have a field provided through logs called (total-bytes), which is an integer.
My ElasticSearch index configuration for this field is:
"total-bytes" : {
"type" : "integer"
},
Depending on the action, sometimes the same log type is received but without "total-bytes" information. Instead the field is populated with a dash, "-". When this happens, an index failure happens. Because the field was supposed to be an integer.
How am I suppose to handle exceptions in my index schema? I need to keep the configuration as "integer" for further purposes and in the same time I want to avoid errors and store the log when "total-bytes" is null.
I was thinking to mutate the "-" and replace by "0" but I'm not sure if there is a better solution, instead of this workaround.
Thanks in advance!