Logstash could not index event to Elasticsearch

Hello everybody,
I am using Logstash to parse my firewall logs, and in some logs I am getting these errors:

[2020-11-03T16:07:22,361][WARN ][logstash.outputs.elasticsearch][main][f05eea78ee20871f68357cbab5919471405decdd543eeae8c79baf8bd6c2af6a] Could not index event to Elasticsearch. {:status=>400, 
"reason"=>"failed to parse field [slotlevel] of type [integer] in document with id 'KZeljnUBd54xy33-9Zlx'
"reason"=>"Numeric value (4294967295) out of range of int (-2147483648 - 2147483647)\n at 

I understand from these logs that the value of the field slotlevel is much bigger than what we can store in an int type.

Can you tell me, please, what type I can use in grok to solve that problem?

In my case I am using this filter to parse that log:

(slotlevel=%{NUMBER:slotlevel:int} )?

Thanks for your help

You can use the int there, but you may need to change the mapping for the field in Elasticsearch to use long instead.

1 Like

Oh thank you, so the problem is in the mapping and not in the grok filter.
If I change the integer to long by running PUT _template/firewall again in the Dev Tool on Kibana, I won't have a problem in my index? Or is there another solution to change the mapping?

That will only apply for new indices, but it's the right way to do it.

1 Like
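
Added example (not part of the original thread, and not Elastic's code): a Python check that scans key=value log lines, finds whole-number fields whose observed values overflow their mapped Elasticsearch type, and builds the properties fragment to merge into the index template. The sample lines, the srcport field and CURRENT_MAPPING are constructed assumptions; only slotlevel and the value 4294967295 come from the thread.

```python
import re

# Inclusive ranges of Elasticsearch whole-number field types, narrowest first.
ES_RANGES = {
    "byte": (-2**7, 2**7 - 1),
    "short": (-2**15, 2**15 - 1),
    "integer": (-2**31, 2**31 - 1),
    "long": (-2**63, 2**63 - 1),
}
KV_INT = re.compile(r"(\w+)=(-?\d+)(?=\s|$)")  # key=<whole number> pairs

# Constructed sample lines; only slotlevel and its value come from the thread.
SAMPLE_LINES = [
    "action=accept srcport=51514 slotlevel=3 ",
    "action=drop srcport=443 slotlevel=4294967295 ",
]
# Assumed current mapping (slotlevel is integer, as the error reports).
CURRENT_MAPPING = {"slotlevel": "integer", "srcport": "integer"}

def narrowest_type(values):
    """Return the narrowest type whose range holds every value."""
    for name, (tmin, tmax) in ES_RANGES.items():
        if tmin <= min(values) and max(values) <= tmax:
            return name
    raise ValueError("values exceed the long range")

def audit(lines, mapping):
    """Return {field: required type} for fields that overflow their mapping."""
    seen = {}
    for line in lines:
        for field, raw in KV_INT.findall(line):
            seen.setdefault(field, []).append(int(raw))
    fixes = {}
    for field, values in seen.items():
        if mapping.get(field) not in ES_RANGES:
            continue  # unmapped or non-integer field: nothing to compare
        tmin, tmax = ES_RANGES[mapping[field]]
        if min(values) < tmin or max(values) > tmax:
            fixes[field] = narrowest_type(values)
    return fixes

def mapping_patch(fixes):
    """Build the 'properties' fragment to merge into the index template."""
    return {"properties": {f: {"type": t} for f, t in fixes.items()}}

if __name__ == "__main__":
    print(mapping_patch(audit(SAMPLE_LINES, CURRENT_MAPPING)))
```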
