Hi, i am trying to use map field as IP datatype but ending with getting string.
First i tried it (as i did for NUMBER data type) do it just by GROK parsing pattern that when in log, the value would be mapped by %{IP:sorc:ip} but this created string type field.
Then, i tried at kibana>index template>mappings>mapping field, added "sorc1" as IP datatype, made the parser {IP:sorc1} but getting string, same when i tried to map it again in kibana index template mapping and in pattern defined %{IP:sorc2:ip}.
My index template:
{
"logstashx" : {
"order" : 0,
"index_patterns" : [
"logstashx-*"
],
"settings" : { },
"mappings" : {
"_routing" : {
"required" : false
},
"numeric_detection" : false,
"dynamic_date_formats" : [
"strict_date_optional_time",
"yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z"
],
"_meta" : { },
"_source" : {
"excludes" : [ ],
"includes" : [ ],
"enabled" : true
},
"dynamic" : true,
"dynamic_templates" : [ ],
"date_detection" : true,
"properties" : {
"sorc1" : {
"type" : "ip"
},
"sorc2" : {
"type" : "ip"
}
}
},
"aliases" : { }
}
}
when i try to put:
"sorc3" : {
"full_name" : "sorc3",
"mapping" : {
"ip" : {
"type" : "ip"
}
}
},
under properties, i get error message:
{
"error" : {
"root_cause" : [
{
"type" : "mapper_parsing_exception",
"reason" : "No type specified for field [sorc3]"
}
],
"type" : "mapper_parsing_exception",
"reason" : "Failed to parse mapping [_doc]: No type specified for field [sorc3]",
"caused_by" : {
"type" : "mapper_parsing_exception",
"reason" : "No type specified for field [sorc3]"
}
},
"status" : 400
}
I tought i was mapping it correctly, but none of tried methods worked, any ideas what i am doing wrong?