Hi, i have a field which contains string value. And when i try to sort it ascending or descending, it does but not correctly. So i though that creating a new field and converting it to long and then sorting it there with pipeline rule, would be helpful. But i think i have messed up with this. Could you help me to fix this rule?
rule "ElapsedTimeLong"
when
has_field("$message.elapsedTime")
then
set_field("elapsedTimeLONG", to_long($message.elapsedTime));
endHello @ithfdemir:
Is this related to this thread?
Converting the incoming data element in a Graylog pipeline rule alone won’t accomplish what you’re looking for since ultimately the typing is determined by the Elasticsearch indexing. If the data element looks like a number it’s more likely that the field will store as a numerical type but Elasticsearch won’t be directly informed by the handling done in Graylog.
Your Graylog version is older than I have worked with so I can’t speak to process differences between 2.4.6 and what we’re on (4.0.6) or what I used initially (3.2.1) but we have been using custom index mappings with good success since the start.
https://docs.graylog.org/en/4.0/pages/configuration/elasticsearch.html#custom-index-mappings
To your question about the rule specifically, I’m looking at the logic and it looks correct to me.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.