I’ve created an extractor that is retrieving a numeric value from a string. It works great. At the end, I apply a numeric converter. As an example, the value is 2920. The resultant data type on the field is “unknown”. This means I can’t trend the value in a line graph or really do anything with it. Any idea what might cause this?
Thanks so much for any help.
So as an update, I figured out a pattern. The data type doesn’t work as expected when using a custom index/stream, but if I just route the messages into All Messages it works.
Is there something I need to do to modify the index in elasticsearch?
Actually, there’s seemingly no reason to it. I’m just going to have to do something else.
For anyone else that encounters this problem, what I ultimately ended up doing was creating a custom index mapping that includes the correct field data types.
https://docs.graylog.org/en/3.2/pages/configuration/elasticsearch.html
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
