
I need to index numerical data in my Elasticsearch DB and I'm using the grok filter to parse the log line (which is all comma-separated integers).

Trying to use the format %{NUMBER:userID_2:int} did not work; no data was indexed and no exception appeared.

When I changed the type to "float", i.e. %{NUMBER:userID_2:float}, it worked just fine.

Any idea why I'm not able to index integers?

(Using elastic 1.4.4 and logstash 1.4.1)

Thanks!

Kadir
Eitan Vesely
  • Please provide a log example and make sure all your logs are in integer format. – Ban-Chuan Lim Mar 03 '15 at 00:21
  • Log line: 20630,198595,214285,451,7907,206502,214285,3691,46011,112769,156888,184225,19708,26873,77739,35843,40659,263309,95184,105544,90,81,85,87,85,87,86,87,87,86,81,"2008-06-26 10:00:00" – Eitan Vesely Mar 03 '15 at 05:54
  • @BenLim anything? :-( – Eitan Vesely Mar 05 '15 at 21:19

1 Answer

In the "filter" section you set up the match expression:

match => { "message" => "%{NUMBER:user_id}" }

and then you convert it:

mutate {
  convert => {
    "user_id" => "integer"
    # ....
  }
}
Dmitry Lovermann
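
An added example, not part of the original answer: a stand-alone pipeline that applies the grok-then-convert approach above to the first fields of the log line from the comments and prints each event to the console, so the field types can be checked before Elasticsearch is involved. The field names `userID_1` and `rest` are hypothetical; only `userID_2` appears in the question.

```logstash
# Added example: check field types on the console instead of in Elasticsearch.
input {
  stdin { }   # paste one log line per event
}

filter {
  grok {
    # userID_1 and rest are hypothetical names; userID_2 is from the question.
    # GREEDYDATA keeps the remaining columns (including the quoted timestamp)
    # in one string field so this test only deals with the first two values.
    match => { "message" => "^%{NUMBER:userID_1},%{NUMBER:userID_2},%{GREEDYDATA:rest}" }
    # Lines that do not match the pattern are tagged _grokparsefailure,
    # which shows up in the "tags" field of the printed event.
  }

  mutate {
    # Grok captures without an inline cast are strings; convert them here.
    convert => {
      "userID_1" => "integer"
      "userID_2" => "integer"
    }
  }
}

output {
  # rubydebug prints strings in quotes and numbers without quotes,
  # so the type of each field is visible at a glance.
  stdout { codec => rubydebug }
}
```

With the sample log line pasted on stdin, `userID_1` and `userID_2` should be printed without quotes; a `_grokparsefailure` tag means the pattern itself did not match the line.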