I am pretty sure that would work fine - I haven’t set type in GROK for Graylog but it makes sense to me that ElasticSearch would pick it up as a float when you rotate the index. One thing to note, I have generally used long instead of float and I know Graylog is particular about field types… it doesn’t use all the ones that Elasticsearch makes available. don’t forget to rotate the index to make the change. If you want to get into changing the historical data as well, this is the post I put up on how to do that:
tmacgbay
(Tmacgbay)
6
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Convert fields created by grok pattern as integer | 3 | 3254 | March 4, 2020 | |
| Unexpected behavior for handling numeric field | 6 | 502 | February 4, 2019 | |
| Forcing numeric fields | 7 | 7502 | May 4, 2017 | |
| Failed to parse field of type [float] | 3 | 2374 | August 12, 2019 | |
| Expected numeric type on field but got [keyword] | 11 | 3425 | September 20, 2021 |