Logstash/ long datatype returning String

Lakshmi_Deepak_Katar · October 10, 2018, 8:23am

Hi,

Please help me, I am very new to ELK, I am trying to change file-size field value to long data type but it is returning as string.

log message:
19-09-2018 18:25:12.676 type:interface::filename:AccountsDetails.csv::recordcount:2::region:IND::file_size:40::recieved_time:15-09-2018 16:21:u5408:

Grok Pattern:
%{DATESTAMP:Timestamp} %{WORD:app}:%{WORD:interface}::%{WORD:comp}:%{DATA:filename}::%{WORD:recordcount}:%{INT:record_count:int}::%{WORD:region}:%{DATA:region_name}::%{WORD:filesize}:%{INT:file-size:long}::%{WORD:time}:%{DATESTAMP:TransferTime}

jakelandis · October 11, 2018, 7:00am

Assuming this grok defined in Logstash, you will want to use %{INT:file-size:int}. I wouldn't worry about integer overflow in Logstash since it is based in Ruby and it will auto convert excessively large numbers to a BigNum.

With Elasticsearch, if you are using dynamic mapping for this field, it will just work since it will be backed by a long. However, if you explicitly map this field be sure to use a long data type.

If this is grok via the ingest node, what you have should work.

Topic		Replies	Views
How to convert a field string to long in logstash Logstash	4	17180	July 6, 2017
Can not convert from long to float logstash Logstash	3	1856	March 18, 2019
Numeric field (long) shown as string in kibana discovery Logstash	4	371	July 23, 2020
Wrong Long vlaue when store long value in es Logstash	6	1408	July 6, 2017
Netflow and type long (fwd_flow_delta_bytes) Logstash	4	804	April 6, 2018

Logstash/ long datatype returning String

Related topics