0

I've been given a set up where I have a program creating live data and posting them into Elasticsearch.

I am trying to visualise this data in Kibana, but I'm coming across many problems such as numbers for a field being of type string instead of integers or there being certain missing fields.

But mainly for now certain fields being integer instead of string would be useful. How do I go about this? Is it possible?

I have no access to source code of the system creating the live events data.

Thanks in advance.

Update: I should also mention additionally that for now I am restricted to Elasticsearch version 2.4

noob
  • 5,954
  • 6
  • 20
  • 32

1 Answers1

0

If your data is coming straight into Elasticsearch, your options are limited.

The best option is to have the program that is creating the data send valid, properly formatted data.

If that's not an option, you can set your Elasticsearch mapping to force the field to be numeric. This will have the side-effect of dropping all documents where this field is not numeric.

There is also the elasticsearch injest node, which allows for some (logstash-like) transformations of the data. Converting the type is one such allowed "processor".

Alain Collins
  • 16,268
  • 2
  • 32
  • 55
  • Many thanks! I think I will go with the second option.... but how do I go about 'forcing' the field to be numeric? Don't I have to write some kind of script to convert the type of the data that has just come in and then insert it into that field attribute for that event. How do I do all this? – noob Jan 31 '17 at 11:17