Optionally you can add a data type conversion to your grok pattern. By default all semantics are saved as strings. If you wish to convert a semantic’s data type, for example change a string to an integer then suffix it with the target data type. For example %{NUMBER:num:int} which converts the num semantic from a string to an integer. Currently the only supported conversions are int and float.
Turns out it actually works on values larger than int32 max (2147483647).
For example, the following works on a string 9223372036854775801. And via dynamic mapping will create the field as a long in Elasticsearch.
grok {
match => { "message" => "%{NUMBER:big_number:int}" }
}
The following documentation snippet may be outdated/misleading.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
Turns out it actually works on values larger than int32 max (2147483647).
For example, the following works on a string 9223372036854775801. And via dynamic mapping will create the field as a long in Elasticsearch.