Dear All,
two days ago I started using "Logstash exec plugin" to launch a bash script and save provided information in elasticsearch.
At this moment, it seems working as expected, but I'm not able to convert "quota" and "used_quota" fields in integer numbers.
Using Kibana dashboard I can see "int", "int__2", "int__3" and file_size as integer, but "quota" and "used_quota" are still considered as "text" fields.
I deleted and recreated the index, I refreshed it, but nothing changed.
Could you please help me to solve this issue?
You can find below my logstash config file and a screenshot of kibana discover page.
Thank you,
Mauro
` input {
rabbitmq {
tags => "1"
id => "1"
host => "localhost"
queue => "audit_messages"
}
exec {
tags => "2"
id => "2"
codec => line
command => "/usr/bin/iquotareport"
interval => 15
}
}
filter {
if "1" in [tags] {
if "_jsonparsefailure" in [tags] {
mutate {
gsub => [ "message", "[\]","" ]
gsub => [ "message", ".*BEGIN_JSON", ""]
gsub => [ "message", "END_JSON", ""]
}
mutate { remove_tag => [ "tags", "_jsonparsefailure" ] }
json { source => "message" }
}
# Parse the JSON message
json {
source => "message"
remove_field => ["message"]
}
# Replace @timestamp with the timestamp stored in time_stamp
date {
match => [ "time_stamp", "UNIX_MS" ]
}
# Convert select fields to integer
mutate {
convert => { "int" => "integer" }
convert => { "int__2" => "integer" }
convert => { "int__3" => "integer" }
convert => { "file_size" => "integer" }
}
}
if "2" in [tags] {
dissect {
mapping => { "message" => "%{irods_user},%{quota},%{used_quota}" }
}
# Convert select fields to integer
mutate {
convert => { "quota" => "integer" }
convert => { "used_quota" => "integer" }
}
}
}
output {
# Write the output to elastic search under the irods_audit index.
elasticsearch {
hosts => ["localhost:9200"]
index => "irods_audit"
}
} `
