Snippet q1

What does the following snippet do, especially the message line?

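grok {
  # Match the literal text "CustomerID" followed by an integer;
  # store the integer in the CustomerID field, cast to int.
  match => { "message" => "CustomerID%{INT:CustomerID:int}" }
  # Do not add the default _grokparsefailure tag when the pattern does not match.
  "tag_on_failure" => []
}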

I think this link could help you: https://logz.io/blog/logstash-grok/

This link may also be useful.


In the link provided, there is no mention of data types like INT, int.

This was useful. Change of datatype in the single line.

:int is to change the datatype into integer. But what about the grok pattern INT? What does it stand for?

Definitions can be found in this GitHub repository.

Got it. Thanks.

Is there a difference between INT and int?

Aren't they one and the same?

INT is the grok pattern that matches an integer. int is what you cast it to in the generated JSON document (but not necessarily how it is mapped in Elasticsearch).

Got it. In other words, if I do not typecast into int, what would be the default data type of the grok pattern? Is it a string?

Yes.

Got it.
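The INT versus :int distinction discussed in this thread, as an added example that is not part of the original posts and is not Logstash code: a small Python emulation of how a `%{SYNTAX:field:type}` token expands to a regex and how the optional cast changes the resulting value. The function names `compile_grok` and `grok` and the sample messages are assumptions made for this illustration; the INT regex follows the definition in the logstash-patterns-core grok-patterns file.

```python
import re

# Only the pattern used in this thread. INT is the *matcher*.
PATTERNS = {"INT": r"(?:[+-]?(?:[0-9]+))"}
# The optional third part of a token is the *cast* applied to the captured text.
CASTS = {"int": int, "float": float}

# %{SYNTAX}, %{SYNTAX:field} or %{SYNTAX:field:type}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")


def compile_grok(expr):
    """Expand grok tokens into named regex groups; collect per-field casts."""
    casts = {}

    def expand(m):
        syntax, field, cast = m.groups()
        body = PATTERNS[syntax]          # KeyError for patterns not defined here
        if field is None:
            return body                  # matched but not captured
        if cast is not None:
            casts[field] = CASTS[cast]
        return f"(?P<{field}>{body})"

    return re.compile(TOKEN.sub(expand, expr)), casts


def grok(expr, message):
    """Return the extracted fields, or None when the message does not match."""
    regex, casts = compile_grok(expr)
    m = regex.search(message)            # unanchored, like grok
    if m is None:
        return None                      # tag_on_failure => [] leaves no tag
    # Without a cast, every capture stays a string.
    return {k: casts.get(k, str)(v) for k, v in m.groupdict().items()}


if __name__ == "__main__":
    # Constructed sample messages.
    print(grok("CustomerID%{INT:CustomerID:int}", "CustomerID4711 logged in"))
    print(grok("CustomerID%{INT:CustomerID}", "CustomerID4711 logged in"))
    print(grok("CustomerID%{INT:CustomerID:int}", "no identifier here"))
```

The cast only affects the type in the event document; how Elasticsearch maps the field is decided separately by the index mapping or template.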
