logstash-filter-grok

Numeric semantic conversion in grok appears to work on longs as well

Open ppf2 opened this issue 9 years ago • 0 comments

The following documentation snippet may be outdated/misleading.

https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

Optionally you can add a data type conversion to your grok pattern. By default all semantics are saved as strings. If you wish to convert a semantic’s data type, for example change a string to an integer then suffix it with the target data type. For example %{NUMBER:num:int} which converts the num semantic from a string to an integer. Currently the only supported conversions are int and float.

Turns out it actually works on values larger than int32 max (2147483647).

For example, the following works on the string 9223372036854775801, and via dynamic mapping it will create the field as a long in Elasticsearch.

  grok {
    match => { "message" => "%{NUMBER:big_number:int}" }
  }

ppf2, Jan 14 '16 18:01