Kibana 4.0.1 displays number field as string/text - unable to aggregate

I am new to the ELK stack but have spent 2 days now trying o solve this
rather annoying issue,

Kibana 4 displays my number fields as strings/text fields and I cannot
perform any max/aggregate calculations on the field.
Logstash is configured to specifically type/cast/mutate the field to a
number. Elastic Search sees the fields as numbers. Even the JSON tab in
Kibana 4 shows it as a number.
However the rest of Kibana thinks its a string.

I have attached the Tabel view and The JSON view. I assume I should see a
different icon in the table view? Not the little "t"

Here is what I see on my latest event in Kibana...

https://lh3.googleusercontent.com/-PoyS22lCz0c/VQ-j0mX9aOI/AAAAAAAAD3s/eh6D_nh_rQ4/s1600/JSON_View.png
https://lh6.googleusercontent.com/-j7eNo3hQy9A/VQ-ju8VbU_I/AAAAAAAAD3k/nIuAUdWvQfA/s1600/Tabel_view.png

Some background...

I am consuming logs from an Apache Webserver log that was customised by the
application developer.
I use logstash-forwarder (logstash-forwarder-0.3.1-1.x86_64.rpm) to send
the logs from the production server to the ELK server.

Here is the logstash-forwader config...

{
"network": {
"servers": [ "elkserver.mydomain.net:5000" ],
"timeout": 15,
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
},
"files": [
{
"paths": [
"/var/log/httpd/access_log"
],
"fields": { "type": "webpas-access" }
}
]
}
And on the ELK server the logstash configuration....

input {
lumberjack {
port => 5000
type => "webpas-access"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
grok {
type => "webpas-access"
pattern => "%{APACHE_WEBPAS}"
}
mutate {
convert => [ "delay", "integer" ]
}
}
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}

I added a custom pattern to Logstash. I added type values to the bytes and
delay fields. "Delay" is the field I am trying to measure and treat as a
number,

APACHE_WEBPAS %{IPORHOST:clientip} %{USERNAME:user}
%{TIMESTAMP_ISO8601:stamp} "(?:%{WORD:verb} %{NOTSPACE:request}(?:
HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response}
(?:%{NUMBER:bytes:int}|-) %{WORD}=%{NUMBER:delay:int} %{WORD}=%{QS:referrer}
I installed Elastic HQ and checked the indexes...

https://lh4.googleusercontent.com/-iHiCHU5Q4mc/VQ-mF4FlT3I/AAAAAAAAD34/tYwvsURw_uQ/s1600/elastic_index.png

This looks to me like a problem in Kibana but I am very much out of ideas
on what to do next.

PS. I made changes to the grok pattern 2 days ago but could not work out
how to reset/refresh the index so I waited overnight for a new index to be
created. Still no joy.

Please help.

Aaran

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/870605d3-fbd1-4973-b151-e89679b4daa7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ooops I am running....

logstash-1.4.2

And ES...

{
"status" : 200,
"name" : "Umar",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.4.4",
"build_hash" : "c88f77ffc81301dfa9dfd81ca2232f09588bd512",
"build_timestamp" : "2015-02-19T13:05:36Z",
"build_snapshot" : false,
"lucene_version" : "4.10.3"
},
"tagline" : "You Know, for Search"
}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4b4116f7-7cc6-4bb3-8648-6dc062f5eace%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.