Snippet q1

Arun_Murugappan · July 24, 2018, 9:34am

what does this following snippet, especially the message line

grok
{
match =>
{ "message" => "CustomerID%{INT:CustomerID:int}
"tag_on_failure" => []
}

}

Charaf_Ahmed · July 24, 2018, 9:36am

I think this link could help you : https://logz.io/blog/logstash-grok/

Christian_Dahlqvist · July 24, 2018, 9:37am

This link may also be useful.

Arun_Murugappan · July 24, 2018, 10:39am

In the link provided, there is no mentioned of data types like INT, int.

Arun_Murugappan · July 24, 2018, 10:42am

this was useful. change of datatype in the single line

Arun_Murugappan · July 24, 2018, 10:46am

:int is to change the datatype into integer. But what about the gork pattern INT? what does it stand for?

Christian_Dahlqvist · July 24, 2018, 10:48am

Definitions can be found in this GitHub repository.

Arun_Murugappan · July 24, 2018, 10:51am

got it . thanks.

Arun_Murugappan · July 24, 2018, 10:52am

is there difference between INT and int?

Arun_Murugappan · July 24, 2018, 10:52am

arent they one and the same?

Christian_Dahlqvist · July 24, 2018, 10:53am

INT is the grok pattern that matches an integer. int is what you cast it to in the generated JSON document (but not necessarily how it is mapped in Elasticsearch).

Arun_Murugappan · July 24, 2018, 10:55am

Got it. In other words, if i do not typecast into int, What would be the default data type of the grok pattern. Is it a string?

Christian_Dahlqvist · July 24, 2018, 10:56am

Yes.

Arun_Murugappan · July 24, 2018, 10:58am

got it

system · August 21, 2018, 10:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.