Search for numbers only evaluate first chr

Been trying to figure this one out for a while, and can't understand what I do wrong here.

When searching for ex mynumber:[50 TO 90]
It will return all numbers that start with 5,6,7,8,9
not only numbers between 50 and 90
So I would get like, 5,6,50,55,560,698222 and so on
Did try to extract as BASE10NUM and NUMBER. Both work and seem OK, but when searching I only get results from the first character in the number.

Any ideas?

hej @Snowy is mynumber saved as number in Elasticsearch?

Hey back :slight_smile:
Been struggling to make sure what it is saved as.
Everything looks like it is stored as number (integer), but how to make sure, I am not aware of.
Any tips on how to see the type a value is stored as?

Interesting finding.
Tried this on two different servers.
Both give a numeric on a “bytes” value and “bytes:[100 TO 200]” works fine
But on both servers, when looking at timed values that should be stored as numeric, the Seconds and Milliseconds come out as I mentioned here. It only evaluates the first chr in the number.

Best regards

you can look into the mapping of one index in elasticsearch with the curl commands from this elasticsearch docs:

If you want to ensure that specific items are stored with specific settings, look at:

Hi and thanks a lot for helping out.
I don't get any response from port 9200 but at port 9000 I get the following.
The documentation looks different from my result, and I can't see anything I could do to attack the problem here.
Is it because I run a newer version?
Best regards

you need to run the curl command on the elasticsearch server and not on the Graylog server.

Hi and thanks again.
This is a one stop server, all roles on the same server.
Should it accept the curl command on port 9200?
And 9200 then should represent elasticsearch?

you might have elasticsearch noch listening on localhost - check your configuration where you bind the elasticsearch server to.

Hi and thanks again @jan

When running curl from another host towards the graylog server on port 9200 it worked.
curl -X GET “”

Found the value to be
So I added an extractor to convert it. Cut didn't do it, but a Copy and new Field did the trick.
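
Added example, not part of the thread and not Graylog or Elasticsearch code: a small Python check that reads a `_mapping` response and reports indices where a field is not mapped as a numeric type, then shows how `[50 TO 90]` behaves when compared as string terms versus numbers. It assumes the field was mapped as a string type (the thread does not show the mapping value); the index names, the mapping JSON and the sample values are constructed.

```python
import json

# Constructed sample of a GET <index>/_mapping response. Index names and
# field types are assumptions; both typed and typeless layouts are shown.
SAMPLE_MAPPING = json.loads("""
{
  "graylog_0": {"mappings": {"message": {"properties": {
      "bytes":    {"type": "long"},
      "mynumber": {"type": "keyword"}}}}},
  "graylog_1": {"mappings": {"properties": {
      "bytes":    {"type": "long"},
      "mynumber": {"type": "long"}}}}
}
""")

NUMERIC_TYPES = {"byte", "short", "integer", "long", "float", "double",
                 "half_float", "scaled_float"}

def field_types(mapping, field):
    """Return {index: type} for `field` in a _mapping response."""
    found = {}
    for index, body in mapping.items():
        mappings = body.get("mappings", {})
        props = mappings.get("properties")
        if props is None:
            # Older Elasticsearch nests properties under a mapping type name.
            props = {}
            for sub in mappings.values():
                if isinstance(sub, dict):
                    props.update(sub.get("properties", {}))
        if field in props:
            found[index] = props[field].get("type", "object")
    return found

def non_numeric_indices(mapping, field):
    """Indices where range queries on `field` will not compare numerically."""
    types = field_types(mapping, field)
    return sorted(i for i, t in types.items() if t not in NUMERIC_TYPES)

def range_hits(values, low, high, numeric):
    """Emulate field:[low TO high] over numbers or over string terms."""
    if numeric:
        return [v for v in values if low <= v <= high]
    return [v for v in values if str(low) <= str(v) <= str(high)]

if __name__ == "__main__":
    print(non_numeric_indices(SAMPLE_MAPPING, "mynumber"))
    values = [6, 50, 55, 100, 560, 698222]  # constructed sample values
    print(range_hits(values, 50, 90, numeric=False))
    print(range_hits(values, 50, 90, numeric=True))
```

Because an existing field's type is fixed per index, a converter added later only takes effect in indices created after the change.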
