It is likely that Elasticsearch has saved the field as a keyword rather than long. You can query the Elasticsearch database to see with something like this:
curl -X GET -netrc "elstc-main:9200/*/_mapping/field/myfield?pretty" | grep -B 7 keyword
If this is the case, you can either correct Elasticsearch with a custom field or you could try to convert it to a long as part of your test - if it gets 0 (or whatever you define… like 7777 ) it couldn’t convert it to a long and is therefor not a number
rule "does it number"
when
has_field("myfield") &&
to_long($message.myfield, 7777) != 7777
then
//
// some action here
//
end
On a side note, I used the forum tools </> to make my code readable and easily copy/pastable… it helps for questions and answers!