0

I am trying to convert one of our field which is in String to Integer. I tried all methods to convert but all methods are failed.

I tried in Kibana using painless, Logstash using mutate filter and Elasticsearch using reindex API.

This is our logs:

Sep 13 10:37:01 SYSTROMEGGN APP_TRAFFIC: SerialNum=H000D-8D31U-2000P-H0H5Q-E028T GenTime="2019-09-13 10:37:01" StartTime="2019-09-13 10:36:00" EndTime="2019-09-13 10:37:00" Category="search-engine" AppName="truecaller" Traffic=31104

All field types are by default string but I want "Traffic" field in integer. This is my logstash configuration pipeline:

input {
     udp {
       port => 5044
       type => "syslog"
     }
}

filter{
      if [type] == "syslog" {
          grok {
            match => { "message" => "% . 
               {SYSLOGTIMESTAMP:syslog_timestamp} %{WORD:syslog_type}% 
               {DATA:syslog_program}:%{GREEDYDATA:syslog_message}" 
            }
          }
          date {
            match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
          }
          kv {
            source => "syslog_message"
            value_split => "="
          }
      }
}

output {
  elasticsearch {
      hosts => ["http://192.168.0.62:9200"]
      index => "syslog"
      document_type => "system_logs"
      user=>"elastic"
      password=>"elastic"
  }
  stdout { codec => rubydebug }
}

I expect the output is that my "Traffic" field converted in Integer type but the actual output is "Traffic" field in String type.

4

1 回答 1

0

您可以在您的 logstash 配置中的过滤器内添加一个 mutate 部分。这应该可以工作,请与 mutate 部分分享您的配置,看看它为什么不工作。

  filter{
       -----
       mutate {
           convert => { "your_field_name" => "integer" }
       }

   }
于 2019-09-16T14:23:03.253 回答