问题描述
我是Elasticsearch的新手,刚刚开始使用ELK堆栈。我正在收集Logstash中的键值类型日志并将其传递给Elasticsearch中的索引。我在Logstash中使用kv过滤器插件。因此,默认情况下,所有字段都是字符串类型。当我尝试在弹性搜索中的数字字段上执行聚合,如avg或sum,我得到一个异常: ClassCastException [org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData不能转换为org.elasticsearch.index.fielddata.IndexNumericFieldData]
当我检查索引中的映射时,除时间戳之外的所有字段都标记为字符串。
请告诉我如何克服这个问题因为我的日志事件中有很多数字字段用于聚合。
谢谢,
Keerthana
您可以为这些字段设置显式映射(请参见例如)
I am new to Elasticsearch and am just starting up with ELK stack. I am collecting key value type logs in my Logstash and passing it to an index in Elasticsearch. I am using the kv filter plugin in Logstash. Due to this, all the fields are string type by default.
When I try to perform aggregation like avg or sum on a numeric field in Elasticsearch, I am getting an Exception: ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]
When I check the mappings in the index, all the fields except the timestamp ones are marked as string.
Please tell me how to overcome this issue as I have many numeric fields in my log events for aggregation.
Thanks,
Keerthana
You could set explicit mappings for those fields (see e.g. Change default mapping of string to "not analyzed" in Elasticsearch for some guidance), but it's easier to just convert those fields to integers in Logstash using the mutate filter:
mutate {
convert => ["name-of-field", "integer"]
}
Then Elasticsearch will do a better job at guessing the best data type for your field(s).
(See also Data type conversion using logstash grok.)
这篇关于弹性搜索将字符串转换为数字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!