I'm in development; I can do anything I want to (and can figure out how to).

Where do I set the type of this field, seeing as I only create it in the dissect filter thus (see below) in the first place? (Filebeat sent it in as a subset of the message field originally. Without my filter, acme.date doesn't exist.) Is there additional syntax I can decorate this code with that will accomplish it?
filter {
  dissect {
    mapping => {
      "message" => "%{acme.date} %{acme.time} CEF:%{acme.version}|%{acme.device_vendor}|%{acme.device_product}|%{acme.device_version}|%{acme.device_event_class_id}|%{acme.name}|%{acme.severity}|%{acme.extensions}"
    }
  }
}
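Logstash's dissect filter emits every captured field as a string; a type is applied afterwards, typically with mutate convert for numerics and the date filter for timestamps (or in the Elasticsearch index mapping). The Python below is an added example, not part of the original post, that re-implements the post's dissect mapping on a constructed CEF line to show the all-string output and the downstream conversions; the acme.* names are the post's, the sample line and values are constructed.

```python
import re
from datetime import datetime

# The dissect mapping from the post, verbatim.
MAPPING = ("%{acme.date} %{acme.time} CEF:%{acme.version}|%{acme.device_vendor}|"
           "%{acme.device_product}|%{acme.device_version}|%{acme.device_event_class_id}|"
           "%{acme.name}|%{acme.severity}|%{acme.extensions}")

# Constructed sample log line in the shape the mapping expects (not real data).
SAMPLE = ("2024-03-01 12:34:56 CEF:0|Acme|Firewall|1.2.3|100|Blocked connection|7|"
          "src=10.0.0.5 dst=10.0.0.9 spt=4444")

_TOKEN = re.compile(r"%\{[^}]+\}")


def dissect(mapping: str, text: str) -> dict:
    """Minimal dissect: split text on the literal delimiters between %{field} tokens.

    Mirrors the core behaviour that matters for the typing question: every
    value comes out as str, and the last field swallows the rest of the line
    (here the CEF extensions, which may themselves contain the delimiters).
    """
    keys = [t[2:-1] for t in _TOKEN.findall(mapping)]
    delimiters = _TOKEN.split(mapping)  # len(keys) + 1 literal chunks
    if not text.startswith(delimiters[0]):
        raise ValueError("line does not start with expected literal")
    pos, fields = len(delimiters[0]), {}
    for key, delim in zip(keys, delimiters[1:]):
        if delim == "":                      # trailing field: take the remainder
            fields[key], pos = text[pos:], len(text)
            continue
        end = text.find(delim, pos)
        if end < 0:
            raise ValueError(f"delimiter {delim!r} not found for field {key}")
        fields[key], pos = text[pos:end], end + len(delim)
    return fields


def typed_event(fields: dict) -> dict:
    """Apply the conversions a pipeline would do after dissect (mutate/date equivalents)."""
    event = dict(fields)
    event["acme.severity"] = int(event["acme.severity"])  # like mutate convert => integer
    event["@timestamp"] = datetime.strptime(               # like the date filter
        f"{event['acme.date']} {event['acme.time']}", "%Y-%m-%d %H:%M:%S")
    return event


if __name__ == "__main__":
    raw = dissect(MAPPING, SAMPLE)
    print({k: type(v).__name__ for k, v in raw.items()})   # every value is 'str'
    print(typed_event(raw))
```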