Hi, if you want to ensure that a document field always has the same type, you'll have to create a custom index mapping (https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and make sure it will be applied to new indices by creating an index template with your custom mapping (https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html).

Cheers,
Jochen

On Thursday, 14 April 2016 11:35:23 UTC+2, [email protected] wrote:
>
> Hi all,
>
> I would like to give some details.
> We have a field @timestamp.
> But it is in the false format.
> It is recognized as string instead of being recognized as date.
> We defined the input as being JSON.
> The extractor definitions seemed to be clean. With this extractor we should have had as a result the @timestamp as date.
> But how can we test it?
> Also: Taking a look at Elasticsearch via Kibana we see the @timestamp field being in a string format.
> So, either: The format conversion did not function with the extractor, which I did not think.
> Or some template in Elasticsearch transforms the now-date-field back to string.
> Does someone have a clue?
> Either: How can we check the extractor conversion went well.
> Or: If Elasticsearch is the source for this erratic behaviour.
>
> Thanks!
>
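
An added example, not part of the original thread: one way to check which indices map @timestamp as string instead of date, and to build the index template body described in the reply. The index names (graylog2_0, graylog2_1), the pattern graylog2_*, the document type "message" and the sample mapping response are constructed assumptions; the response shape and the top-level "template" key follow Elasticsearch 1.x.

```python
import json

# Constructed sample of a GET /_mapping response (Elasticsearch 1.x shape:
# index -> "mappings" -> document type -> "properties").
# Index and type names are assumptions, not taken from the thread.
SAMPLE_MAPPING = json.loads("""
{
  "graylog2_0": {"mappings": {"message": {"properties": {
      "@timestamp": {"type": "string"},
      "message": {"type": "string"}}}}},
  "graylog2_1": {"mappings": {"message": {"properties": {
      "@timestamp": {"type": "date", "format": "dateOptionalTime"},
      "message": {"type": "string"}}}}}
}
""")

def field_types(mapping_response, field):
    """Return {index: {doc_type: mapped type}} for `field`."""
    found = {}
    for index, body in mapping_response.items():
        for doc_type, spec in body.get("mappings", {}).items():
            props = spec.get("properties", {})
            if field in props:
                # A property without "type" is an object mapping.
                found.setdefault(index, {})[doc_type] = props[field].get("type", "object")
    return found

def mismatches(mapping_response, field, expected):
    """List indices where `field` is mapped to something other than `expected`."""
    return sorted(
        index
        for index, types in field_types(mapping_response, field).items()
        if any(t != expected for t in types.values())
    )

def build_template(index_pattern, doc_type, field, es_type, fmt=None):
    """Body for PUT /_template/<name> (1.x syntax: top-level "template" key)."""
    prop = {"type": es_type}
    if fmt:
        prop["format"] = fmt
    return {"template": index_pattern,
            "mappings": {doc_type: {"properties": {field: prop}}}}

if __name__ == "__main__":
    print(mismatches(SAMPLE_MAPPING, "@timestamp", "date"))
    print(json.dumps(build_template("graylog2_*", "message", "@timestamp",
                                    "date", "dateOptionalTime"), indent=2))
```

A template only affects indices created after it is stored, so indices already listed by mismatches() keep their string mapping until they are rotated out or reindexed.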
