mutate 类型转换

[elk@Vsftp logstash]$ cat grok.conf input {stdin {}} filter {  grok {   match =>{   "message" =>"/s+(?<request_time>/d+(?:/./d+)?)/s+"      }  }}output {        stdout {                        codec => rubydebug                }}[elk@Vsftp logstash]$ logstash -f grok.conf Settings: Default pipeline workers: 4Pipeline main startedBEGIN 123.321 END{         "message" => "BEGIN 123.321 END",        "@version" => "1",      "@timestamp" => "2017-02-08T07:08:17.638Z",            "host" => "Vsftp",    "request_time" => "123.321"}可以看到这里时间变成了字符串[elk@Vsftp logstash]$ cat grok.conf input {stdin {}} filter {  grok {   match =>{   "message" =>"/s+(?<request_time>/d+(?:/./d+)?)/s+"      }  }  mutate {    convert =>["request_time","float"]}}output {        stdout {                        codec => rubydebug                }}[elk@Vsftp logstash]$ logstash -f grok.conf Settings: Default pipeline workers: 4Pipeline main startedBEGIN 123.321 END{         "message" => "BEGIN 123.321 END",        "@version" => "1",      "@timestamp" => "2017-02-08T07:11:06.794Z",            "host" => "Vsftp",    "request_time" => 123.321}把字符串转换我float