Hello,
We are pushing data in ElasticSearch via logstash. The issue is that for the IP address, it is being stored as a string rather as an IP data type. Is it possible to specify it via grok? I have tried the follow code below but it does not seem to work.
> ip { match => [ "ip", "IPV4" ] }A grok or mutate filter can only convert values between JSON datatypes. To store IP addresses as the "ip" type in Elasticsearch you need to modify the index's mapping , typically by modifying the index template used by the elasticsearch output.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.