By default logstash takes all input as a string, added ":int" to the fields
which i wanted as number.
eg.
%{NUMBER:apache_bytes:int} %{NUMBER:apache_response_time:int}
Ref: https://groups.google.com/forum/#!topic/logstash-users/2ewrcovttSY
On Tuesday, 22 July 2014 09:24:20 UTC-7, deepak deore wrote:
>
> My tomcat access logs have last field as "%D - Time taken to process the
> request, in millis". I am trying to filter the logs which took more than
> some number of milliseconds, but it is showing all the logs as a result, I
> am trying as per lucene "Range Searches"
> http://lucene.apache.org/core/2_9_4/queryparsersyntax.html
>
> I tried below queries but it shows all the logs.
>
> timetaken: [1000 TO *]
>
> timetaken: [1000 TO 5000]
>
> timetaken: ['1000' TO *]
>
>
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/6ce210aa-9072-4f3e-b1d0-1b69e65ba568%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
