About data types in graylog and ES

(Charles Deng) #1

Hi Team,

Per the documentation, there are only six built-in types: string, double, long, boolean, void and ip:

The six built-in types in Graylog are string (a UTF-8 string), double (corresponds to Java’s Double), long (Java’s Long), boolean (Boolean), void (indicating a function has no return value to prevent it being used in a condition), and ip (a subset of InetAddress), but plugins are free to add additional types as they see fit.

But I also noted that in the graylog-internal template there is a static date type field “timestamp”.

Does this mean that we can create a custom index mapping with date fields, and in pipelines we can store the date value in a string field as a well-formatted date string (should it match the format for the date type field in ES?), and Graylog will store it directly into the corresponding ES date type field, with type safety taken care of by the user (otherwise it will lead to an exception and error)?

Also, for integer types, there is only the type long in Graylog (maybe this simplifies the derivation of field types in Graylog), but if we define a field as long in Graylog but byte in ES, what will happen when Graylog outputs the field into ES?

Best wishes

(Jochen) #2

You’re mixing up the data types supported by Graylog in pipeline rules and the data types supported by Elasticsearch (such as those used in an Elasticsearch index mapping).

That would work.

If the number fits into the range of a byte, everything would work as expected; if the range of the byte data type is exceeded, the message won’t be indexed and you’ll receive an indexing error.
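
The behaviour described in this reply, as an added example that is not part of the original thread: a pre-index check that reports fields whose values fall outside the Elasticsearch type they are mapped to. The field names, the sample mapping and the date format `yyyy-MM-dd HH:mm:ss.SSS` are assumptions.

```python
import re
from datetime import datetime

# Signed ranges of Elasticsearch's integer field types.
ES_INT_RANGES = {
    "byte": (-2**7, 2**7 - 1),
    "short": (-2**15, 2**15 - 1),
    "integer": (-2**31, 2**31 - 1),
    "long": (-2**63, 2**63 - 1),
}

# Assumption: the custom date field is mapped with "yyyy-MM-dd HH:mm:ss.SSS".
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}")
DATE_FMT = "%Y-%m-%d %H:%M:%S.%f"


def find_mapping_conflicts(message, mapping):
    """Return {field: reason} for values that do not fit the mapped ES type."""
    problems = {}
    for field, es_type in mapping.items():
        if field not in message:
            continue
        value = message[field]
        if es_type in ES_INT_RANGES:
            low, high = ES_INT_RANGES[es_type]
            # Only real integers are range-checked; bool is excluded explicitly.
            is_int = isinstance(value, int) and not isinstance(value, bool)
            if is_int and not low <= value <= high:
                problems[field] = f"{value} outside {es_type} range [{low}, {high}]"
        elif es_type == "date":
            text = str(value)
            try:
                if not DATE_RE.fullmatch(text):
                    raise ValueError(text)
                datetime.strptime(text, DATE_FMT)  # rejects month 13, day 32, ...
            except ValueError:
                problems[field] = f"{text!r} does not match the mapped date format"
    return problems


# Constructed sample: hypothetical custom mapping and pipeline output.
SAMPLE_MAPPING = {"retries": "byte", "bytes_sent": "long", "login_time": "date"}
SAMPLE_MESSAGE = {"retries": 300, "bytes_sent": 5_000_000_000,
                  "login_time": "2019-03-01T10:15:00Z"}

if __name__ == "__main__":
    for name, reason in find_mapping_conflicts(SAMPLE_MESSAGE, SAMPLE_MAPPING).items():
        print(f"{name}: {reason}")
```

Running such a check on pipeline output before it reaches Elasticsearch shows which messages would be dropped with an indexing error, which matters when the dropped messages are audit or security events.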
