Data type conversion using logstash grok

Question

Basic is a float field. The mentioned index is not present in elasticsearch. When running the config file with logstash -f, I am getting no exception.

Answer 1

You have two problems. First, your grok filter is listed prior to the csv filter and because filters are applied in order there won't be a "Basic" field to convert when the grok filter is applied.

Secondly, unless you explicitly allow it, grok won't overwrite existing fields. In other words,

grok{
    match => [
        "Basic", " %{NUMBER:Basic:float}"
    ]
}

will always be a no-op. Either specify overwrite => ["Basic"] or, preferably, use mutate's type conversion feature:

mutate {
    convert => ["Basic", "float"]
}