I have a log processing rule to capture the HTTP request header data.
I want the data type to be DOUBLE for request size values and IPADDR for IPs.
However, the data always gets parsed as STRING data type.
Any options to fix this issue for log ingest rules?
PARSE(content, "JSON:jsoncontent")
| FIELDS_ADD(http.request.size:DOUBLE(jsoncontent[http_info][request_headers][request_size]))
| FIELDS_ADD(http.client_ip:IPADDR(jsoncontent[http_info][request_headers][X-Ruxit-Forwarded-For]))