0
votes

I need to index numerical data in my ElasticSearch DB and I'm using a grok filter to parse the log line (which is all comma-separated integers).

Trying to use this format, %{NUMBER:userID_2:int}, did not work; no data was indexed and no exception appeared.

When I changed the type to "float", i.e. %{NUMBER:userID_2:float}, it worked just fine.

Any idea why I'm not able to index integers?

(Using elastic 1.4.4 and logstash 1.4.1)

Thanks!

1
Please provide a log example and make sure all your logs are in integer format. - Ben Lim
Log line: 20630,198595,214285,451,7907,206502,214285,3691,46011,112769,156888,184225,19708,26873,77739,35843,40659,263309,95184,105544,90,81,85,87,85,87,86,87,87,86,81,"2008-06-26 10:00:00" - Eitan Vesely
@BenLim anything? :-( - Eitan Vesely

1 Answer

0
votes

In the "filter" section you set up the match expression:

match => "%{NUMBER:user_id}"

and then you convert it:

mutate {
  convert => {
    "user_id" => "integer"
    ....
  }
}
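
A debugging pipeline for the two approaches on this page, added here as an example and not part of the question or the answer: it reads the sample line from stdin and prints the parsed event, so the field types can be checked before anything is sent to Elasticsearch. Matching on the "message" field and parsing only the first two columns are assumptions made for the example.

```logstash
# Added example: run with `bin/logstash -f debug.conf` (file name is arbitrary)
# and paste the sample log line from the question on stdin.
input {
  stdin { }
}

filter {
  grok {
    # Column 1: cast inline by grok (the question's approach).
    # Column 2: captured as a string and converted by mutate (the answer's approach).
    # The remaining columns are left unparsed in this example.
    match => [ "message", "^%{NUMBER:userID_2:int},%{NUMBER:user_id}," ]
  }
  mutate {
    convert => [ "user_id", "integer" ]
  }
}

output {
  # rubydebug prints every event. Integer fields appear unquoted, string
  # fields appear quoted, and an event whose line did not match the grok
  # pattern carries the tag "_grokparsefailure".
  stdout { codec => rubydebug }
}
```

If both fields print as integers here but documents still do not appear in the index, the problem lies after the filter stage rather than in the grok cast.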