Hi, I have this in grok : %{IP:clientip}, but in Kibana in index mapping I see:
"clientip": { "type": "text", "norms": false, "fields": { "keyword": { "type": "keyword", "ignore_above": 256
I can't use kibana filter based on IP range, I guess this is the reason.
Should I reindex my indexes? How ?
and what's wrong with logstash ? should I use some mutate to convert ?
Thanx a lot.
Mutating fields in Logstash does not control how they are mapped in Elasticsearch, just how they are formatted in the JSON document being indexed. This is why it is only possible to convert to integers and floats. For data that are sent as a string, e.g. IP addresses, you need to provide the correct mapping through an index template. What you see is the default mapping that is created dynamically for strings if you do not specify any mapping. As you can not change mappings for existing fields you will need to reindex your data with the corrected mappings.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.