Interger field showing as string

sreejiths · February 22, 2018, 6:14am

GROK

grok {

     match => [
        # IOS
        "message", "%{IP:host_nagios}: Nagios-Log device_id=%{WORD:hostname} rtt=%{NUMBER:RTT} avgSD=%{NUMBER:SDLATENCY} avgDS=%

{NUMBER:DSLATENCY} syslog_sev_level=%{INT:syslog_sev_level} syslog_severity=%{WORD:syslog_severity} hostgroup=%{WORD:hostgroup} %{GR
EEDYDATA:log_message}"
]
add_tag => [ "Nagios" ]
}
}

if "Nagios" in [tags]
{

mutate { convert => { "syslog_sev_level" => "integer" } }
mutate { convert => { "RTT" => "float" } }
mutate { convert => { "SDLATENCY" => "float" } }
mutate { convert => { "DSLATENCY" => "float" } }

ISSUE:
The field RTT/SDLATENCY/ DSLATENCY is showing as string in KIBANA .Due to this i am not able to use this parameter to created visulization .. I refeshed/recreated index in Kibana , restarted logstash mutiple times ..Any advice on how to fix ???

magnusbaeck · February 22, 2018, 6:54am

What does the JSON document look like, are the fields actually numbers there?

sreejiths · February 22, 2018, 6:58am

Yes

{
"_index": "logstash-2018.02.22",
"_type": "nagios",
"_id": "AWG8R23JE3k31ptJ2riI",
"_score": null,
"_source": {
"syslog_sev_level": 6,
"host_nagios": "XXXXX",
"SDLATENCY": 32.23,
"message": "XXXXX: Nagios-Log device_id=XXXXX rtt=61.92 avgSD=32.23 avgDS=29.69 syslog_sev_level=6 syslog_severity=information hostgroup=WAN service_description=IPSLA-Latency_To_XXXX_Business time="Thu Feb 22 14:50:53 SGT 2018" msg="OK: RTT=61.92ms avgSD=32.23ms avgDS=29.69ms IP SLA 86001041 # To_XXXX1_Business Jitter probe to 202.163.53.182 "",
"type": "nagios",
"syslog_severity": "information",
"tags": [
"Nagios"
],
"hostname": "XXXXXX",
"@timestamp": "2018-02-22T06:52:59.651Z",
"RTT": 61.92,
"port": 43587,
"@version": "1",
"host": "10.67.21.164",
"hostgroup": "WAN",
"log_message": " service_description=IPSLA-Latency_To_XXXXX_Business time="Thu Feb 22 14:50:53 SGT 2018" msg="OK: RTT=61.92ms avgSD=32.23ms avgDS=29.69ms IP SLA 86001041 # To_XXXXX_Business Jitter probe toXXXXX "",
"DSLATENCY": 29.69
},
"fields": {
"@timestamp": [
1519282379651
]
},
"sort": [
1519282379651
]
}

magnusbaeck · February 22, 2018, 7:09am

I refeshed/recreated index in Kibana

Do you mean you deleted the index in ES or just recreated the index pattern in Kibana?

sreejiths · February 22, 2018, 7:10am

I meant recreated the index pattern in Kibana..

sreejiths · February 22, 2018, 7:14am

Running of ELK V5.2

magnusbaeck · February 22, 2018, 7:28am

I meant recreated the index pattern in Kibana..

That doesn't change anything. To change the mapping of an existing field you have to recreate the index itself.

sreejiths · February 22, 2018, 7:36am

You are right ..Thanks for help ..Fixed the issue ..

system · March 22, 2018, 7:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Numeric field (long) shown as string in kibana discovery Logstash	4	303	July 23, 2020
Field created as float still shows as string in kibana Settings Logstash	4	1149	July 6, 2017
[solved]Float recognized as a text Kibana	18	4260	May 2, 2017
Kibana, Discover: Field data loading is forbidden on srcip Kibana	20	3647	July 6, 2017
Fields not being categorized properly Kibana	8	627	March 2, 2018

Interger field showing as string

GROK

Related topics