I am relatively new to Elasticsearch. I am using Ingest node processors to parse incoming log entries sent from other servers using Filebeat. There are values within the log entries that I want to parse as double precision numbers, but the grok and convert processors seem to be limited to float precision.
What is the best way to handle double values parsed from string log entries?
You should use grok to extract the double value into a field. Grok won't parse it into a number at all, it will simply extract the pattern and store it into a field, as a string. Then you just leave it as a string field and do not try to convert it (because indeed the convert processor is limited to float precision). Lastly, make sure you map the field in Elasticsearch as double type and, even though it's a string field in the source, Elasticsearch will handle it as a numeric field for searching and aggregations.
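The approach from the answer above, written out as Kibana Dev Tools console requests. This is an added example, not part of the original thread: the index name, pipeline name, field name and log line layout are hypothetical, and the mapping uses the typeless syntax of Elasticsearch 7 and later.

```console
# Constructed example: index name, pipeline name, field name and log line are hypothetical.

# 1. Map the target field as double before any document is indexed.
PUT app-logs-example
{
  "mappings": {
    "properties": {
      "latency_seconds": { "type": "double" }
    }
  }
}

# 2. Grok extracts the number as a string: no type suffix on the capture
#    and no convert processor afterwards.
PUT _ingest/pipeline/parse-double-example
{
  "description": "Extract latency as a string; the mapping makes it numeric",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["latency=%{NUMBER:latency_seconds}"]
      }
    }
  ]
}

# 3. Index a constructed log line through the pipeline.
POST app-logs-example/_doc?pipeline=parse-double-example
{
  "message": "GET /health latency=0.1234567890123456"
}

# 4. _source holds "0.1234567890123456" as a string, while the indexed
#    value is a double, so range queries and aggregations work.
GET app-logs-example/_search
{
  "size": 0,
  "query": { "range": { "latency_seconds": { "gte": 0.12 } } },
  "aggs": { "avg_latency": { "avg": { "field": "latency_seconds" } } }
}
```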