Logstash/ long datatype returning String

Lakshmi_Deepak_Katar · October 10, 2018, 8:23am

Hi,

Please help me, I am very new to ELK, I am trying to change file-size field value to long data type but it is returning as string.

log message:
19-09-2018 18:25:12.676 type:interface::filename:AccountsDetails.csv::recordcount:2::region:IND::file_size:40::recieved_time:15-09-2018 16:21:u5408:

Grok Pattern:
%{DATESTAMP:Timestamp} %{WORD:app}:%{WORD:interface}::%{WORD:comp}:%{DATA:filename}::%{WORD:recordcount}:%{INT:record_count:int}::%{WORD:region}:%{DATA:region_name}::%{WORD:filesize}:%{INT:file-size:long}::%{WORD:time}:%{DATESTAMP:TransferTime}

jakelandis · October 11, 2018, 7:00am

Assuming this grok defined in Logstash, you will want to use %{INT:file-size:int}. I wouldn't worry about integer overflow in Logstash since it is based in Ruby and it will auto convert excessively large numbers to a BigNum.

With Elasticsearch, if you are using dynamic mapping for this field, it will just work since it will be backed by a long. However, if you explicitly map this field be sure to use a long data type.

If this is grok via the ingest node, what you have should work.

system · November 8, 2018, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.