您可以为这些字段设置显式映射（请参见例如将Elasticsearch中的字符串的默认映射更改为未分析指导），但是使用突变过滤器将这些字段转换为整数在Logstash中更容易/ a>：

  mutate {
 convert => [name-of-field，integer] 
} 
 

然后弹性搜索将为您的字段猜测***数据类型做一个更好的工作。

（另请参见使用logstash grok进行数据类型转换）

I am new to Elasticsearch and am just starting up with ELK stack. I am collecting key value type logs in my Logstash and passing it to an index in Elasticsearch. I am using the kv filter plugin in Logstash. Due to this, all the fields are string type by default.

When I try to perform aggregation like avg or sum on a numeric field in Elasticsearch, I am getting an Exception: ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]

When I check the mappings in the index, all the fields except the timestamp ones are marked as string.

Please tell me how to overcome this issue as I have many numeric fields in my log events for aggregation.

Thanks,

Keerthana

You could set explicit mappings for those fields (see e.g. Change default mapping of string to "not analyzed" in Elasticsearch for some guidance), but it's easier to just convert those fields to integers in Logstash using the mutate filter:

mutate {
    convert => ["name-of-field", "integer"]
}

Then Elasticsearch will do a better job at guessing the best data type for your field(s).

(See also Data type conversion using logstash grok.)