fluent / fluent-plugin-grok-parser

Fluentd's Grok parser

Seems like field's type is not counted by this plugin. #70

Open fog1985 opened 5 years ago

fog1985 commented 5 years ago

Even though I am providing the grokked field with a type as follows: %{NUMBER:response:integer}, it appears in EFK as type string. There are no errors in fluentd's logs etc. It seems like it's being ignored altogether. Any bits of advice on how it can be overcome?

root@fluentd-fluentd-elasticsearch-jpcqh:/# fluentd --version
fluentd 1.3.3

okkez commented 5 years ago

Sorry for the delay. Do you have the raw logs?

I tested the following configuration, but I could not reproduce your situation.

<source>
  @type dummy
  tag dummy
  dummy [
    {"message": "500 This is test"},
    {"message": "404 This is test"},
    {"message": "302 This is test"},
    {"message": "200 This is test"}
  ]
</source>

<filter dummy>
  @type parser
  key_name message
  <parse>
    @type grok
    <grok>
      pattern %{NUMBER:response:integer} %{GREEDYDATA:msg}
    </grok>
  </parse>
</filter>

<match dummy>
  @type stdout
</match>
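
To tell whether `response` leaves Fluentd as a number or as a string, the records printed by the `stdout` output can be checked for their JSON types. The script below is an added example, not part of the thread or of the plugin; it assumes the `time tag: json` line layout of the stdout output, and the function names and sample lines are constructed for illustration.

```ruby
require "json"

# Constructed sample lines in the assumed "time tag: json" layout.
# They are not output captured from the issue; the second line shows what a
# record looks like when the integer cast did not happen.
SAMPLE = <<~LOG
  2019-03-01 12:00:00.000000000 +0000 dummy: {"response":500,"msg":"This is test"}
  2019-03-01 12:00:01.000000000 +0000 dummy: {"response":"404","msg":"This is test"}
  2019-03-01 12:00:02.000000000 +0000 fluent.info: not a record line
LOG

# Split "<date> <time> <zone> <tag>: <json>" and return [tag, record], or nil
# when the line carries no JSON object (Fluentd's own log lines, blanks, ...).
def parse_stdout_line(line)
  m = line.match(/\A\S+ \S+ \S+ (?<tag>\S+): (?<json>\{.*\})\s*\z/)
  return nil unless m
  [m[:tag], JSON.parse(m[:json])]
rescue JSON::ParserError
  nil
end

# Return one finding per record whose field is present but not of the expected
# Ruby class. JSON integers parse to Integer; quoted numbers stay String.
def type_mismatches(log, field, expected = Integer)
  log.each_line.with_index(1).filter_map do |line, lineno|
    tag, record = parse_stdout_line(line)
    next unless record&.key?(field)
    value = record[field]
    next if value.is_a?(expected)
    { line: lineno, tag: tag, value: value, actual: value.class }
  end
end

if __FILE__ == $PROGRAM_NAME
  type_mismatches(SAMPLE, "response").each do |f|
    puts "line #{f[:line]} (#{f[:tag]}): response=#{f[:value].inspect} is #{f[:actual]}"
  end
end
```

If the stdout records already carry an integer, the string type seen in EFK is introduced after Fluentd emits the record.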