Hello,
I have been struggling with parsing a log to a number field.
As a result I am unable to use this field for statistics and draw dashboard that I need.
Can somebody help me?
I used GROK pattern to extract number , I use GROK “int” hint data type but when I want to run statistics against that field I get an error because the field is stored as text despite everything that did.
Here is a very simple extractor: memUsage:%{BASE10NUM:test_num:int}
When I query this field it appears as text:
I will greatly appreciate any suggestions,
Thank you
I don’t know what I am doing (I tried newer version 3.3.2-1) with same results: after successfully creating a pattern(it tests fine on sample message), the expected field doesn’t show up in the list of search fields. What is it that I am missing . I spent a few days dealing with this problem.
You will make my day if you explain me what I may be doing wrong.
Yes, you are right, I actually corrected it since my first post but I have no luck. Is there a way to troubleshoot the system gives no indication that there is some problem. Any logs where I could look? Maybe MongoDb access and query ?
the data is stored in Elasticsearch. When you change the datatype of a field - or want to - you might need to rotate your indices that elasticsearch is creating a new index where this field is not (yet) set with a specific data type for a single field.
So during setup/trial it is always better to change also the field name you want to have to a new on each test to ensure that you get the desired result.
