stackoom
  简体   繁体   中英

Logstash grok filter integer

 原文  2015-03-02 23:02:01       elasticsearch/ logstash/ logstash-grok

Question

I need to index numerical data in my ElasticSearch DB and i'm using grok filter to parse the log line (which is all comma separated integers).

trying to use this format %{NUMBER:userID_2:int} did not work and no data was indexed and no exception appeared.

When i changed the type to "float" -ie %{NUMBER:userID_2:float} it worked just fine.

Any idea why i'm not able to index integers?

(Using elastic 1.4.4 and logstash 1.4.1)

Thanks!

1 answers

solution1
 0  2016-09-15 13:14:09

In "filter" section you set up match expression: 

match => "%{NUMBER:user_id}"

and then you convert it: 

mutate {
  convert => {
    "user_id" => "integer"
    ....
  }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question logstash grok filter pattern Logstash filter using grok If statement not working on grok filter logstash Logstash grok filter apache pattern Logstash Filter Grok for custom log Custom GROK filter - Logstash -> Elasticsearch Logstash JSON Grok filter issue Logstash grok filter to tag received and bounced messages create a Grok filter for a specific date pattern in logstash Logstash Grok filter add local hostname
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM