Logstash/ long datatype returning String

Lakshmi_Deepak_Katar · October 10, 2018, 8:23am

Hi,

Please help me, I am very new to ELK, I am trying to change file-size field value to long data type but it is returning as string.

log message:
19-09-2018 18:25:12.676 type:interface::filename:AccountsDetails.csv::recordcount:2::region:IND::file_size:40::recieved_time:15-09-2018 16:21:u5408:

Grok Pattern:
%{DATESTAMP:Timestamp} %{WORD:app}:%{WORD:interface}::%{WORD:comp}:%{DATA:filename}::%{WORD:recordcount}:%{INT:record_count:int}::%{WORD:region}:%{DATA:region_name}::%{WORD:filesize}:%{INT:file-size:long}::%{WORD:time}:%{DATESTAMP:TransferTime}

jakelandis · October 11, 2018, 7:00am

Assuming this grok defined in Logstash, you will want to use %{INT:file-size:int}. I wouldn't worry about integer overflow in Logstash since it is based in Ruby and it will auto convert excessively large numbers to a BigNum.

With Elasticsearch, if you are using dynamic mapping for this field, it will just work since it will be backed by a long. However, if you explicitly map this field be sure to use a long data type.

If this is grok via the ingest node, what you have should work.

system · November 8, 2018, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Numeric field (long) shown as string in kibana discovery Logstash	4	303	July 23, 2020
Grok Type Conversion Not Working (logstash-6.6.0) Logstash	2	307	March 21, 2019
Bigint values in elasticsearch Elasticsearch	2	2861	February 22, 2017
Data type conversion issue Elasticsearch	9	4710	August 3, 2018
How do I set a field type using grok? Logstash	4	20486	July 6, 2017

Logstash/ long datatype returning String

Related topics