Hi Ryan, Elasticsearch tries to be smart about the types of document fields if no explicit mapping was provided. In this case, it assumes that those fields are strings. Since this dynamic mapping is applied on a per-index base, rotating the index (see System -> Indices -> Maintenance in the Graylog web interface) basically enables you to start with a "clean slate".
If you want to enforce a certain mapping for your indices, you can create an explicit mapping (see https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and use an index template (see https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html) to apply it to newly created indices. Cheers, Jochen On Tuesday, 12 April 2016 19:35:13 UTC+2, Ryan Anstey wrote: > > I'm new to this and my scripts were accidentally pouring in data as > strings instead of integers. I've fixed that, but now those fields are > still set to be strings only. Is there any way for me to override this? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1ad4ff3c-4253-49b6-92c8-21bc0f661cf6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
