Removing non-numeric characters from a field not working in logstash

need an urgent help.I am getting this error

[2022-02-08T18:25:01,995][WARN ][logstash.outputs.elasticsearch][main] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>"xjmdwt2/wbqlYsoFmJO31KfAC/s=", :_index=>"logs-prod-2022.02.08", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0x735783ad>], :response=>{"index"=>{"_index"=>"logs-prod-2022.02.08", "_type"=>"_doc", "_id"=>"xjmdwt2/wbqlYsoFmJO31KfAC/s=", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [session.in.packet] of type [long] in document with id 'xjmdwt2/wbqlYsoFmJO31KfAC/s='. Preview of field's value: '1\n'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"For input string: \"1\n\"" }}}}}

I am doing the below mutate in my config, so as to remove all the non-digit words. But still, why do I get the above error?

 mutate {
          gsub => [ "[session][in][packet]", "\D", "" ]
        }

gsub does not do a multiline match by default. I do not know if it is possible to enable it.

input { generator { count => 1 lines => [ '1
' ] } }
filter {
    ruby { code => 'event.set("message", event.get("message").gsub(/\D/m, ""))' }
}

Changes "1\n" to "1".

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.