Grok rule to parse log as numeric / int


I managed to set up a Grok rule to parse an Nginx access log from a container in Kubernetes via {New Relic One > Logs > ··· near “Query logs” on the right > Manage parsing > Create parsing rule}, matching bytes and response as integers [1,2]. But in {New Relic One > Logs > Attributes > … filter for the attribute I created the parsing rule for … > click a log entry > JSON} I still see bytes or response as type string instead of int.

How do I make New Relic parse bytes and response as integers, so I can later match them in NRQL as response >= 500 (for example)?

[1]: Parsing logic = %{IPORHOST:clientip} (?:(?:[a-zA-Z\.\@\-\+_%]+:ident)|-) (?:(?:[a-zA-Z\.\@\-\+_%]+:auth)|-) \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{INT:response} (?:%{INT:bytes}|-) (?:"(?:%{URI:referrer}|-)"|%{QS:referrer}) %{QS:agent}, modelled after the definition of NGUSER as shown in -> “nginx_access”, since setting Parsing logic = %{NGINXACCESS} yields No definition for key 'NGINXACCESS' found, aborting and copying the NGINXACCESS pattern including %{NGUSER} yields No definition for key 'NGUSER' found, aborting.
[2]: That’s not as convenient as I would hope for, but it seems to work well enough. cf. Kubernetes Helm nri-bundle logtype

Hi dschridde!

If the end goal is to just get the NRQL to see the values as numbers, we do have an option for that:

From the Type Conversion section:

Use the numeric() function to convert a number with a string format to a numeric function. The function can be built into a query that uses math functions on query results or NRQL aggregator functions, such as average().

You can wrap your values with the numeric() function to convert them to numbers so that math functions can be used. For example:

SELECT numeric(Bytes-Received) / 1000 AS 'KB Received" FROM Log