Hi.
I'm sending JSON messages into a Raw TCP input. I would like to execute some extractors on the incoming message. 1) Apply JSON extractor on the incoming "message" field 2) Apply the "Copy input" extractor in the field "tstamp" extracted by previous JSON extractor, apply a date converter and store in a new field (say d_tstamp). This field contains a date a date in the format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'. I was expecting to see the the elasticsearch mappings containing a field d_tstamp having type “date”, however the new field d_tstamp is mapped as "string" type. I’ve no experience using elasticsearch, but I can imagine that having a field of type "date" indexed as a string is not a good idea. (ex. querying date intervals). I’ve tried to apply a “Copy input” extractor in another field (counter) that is a string in the incoming JSON and apply the numeric converter. This time the field is stored in ES as a "long" as expected. Any ideas? Thanks for any help you could provide. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/28550e18-b2fb-4ff5-a2bc-dd307c05faae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
