I am pretty new to using Elastic and Logstash and I am currently facing a huge problem.
We have set up Logstash to parse networking logs to Elastic, and then we can use them to check our traffic, dest/src, etc.
It seems we misconfigured some stuff, and I am getting IP addresses as strings or data_lengths as strings.
I want to change the types of both to IPv4/Byte (or int anyway, and figure my way from there).
With some research it seems there needs to be a huge re-indexing so all my previous indices (like 40 daily indices total).
What is the safest way to do that without losing our previous data or really messing up our setup?
Logstash version 2.4
Elasticsearch version 2.2
Kibana version 4.0
Ask for any additional information you need.
Thanks in regards to anyone investing his/her time.
Let me give you some more background info about my situation by the way.
It's my first time working with ES and anything that has to do with logs. My full-time job was as a Java and web programmer.
So a friend started his company and asked for my help. All this setup is already done, so I am still researching to fully understand the logging and transformation process. I mention all this just in case I ask anything not so ordinary.
So if we can actually do the update, can you give me some more info about the whole process?
I found the API, but my little knowledge of the whole platform makes it hard to follow.