Hello,
Is it possible to retroactively create a scripted field retroactively to an index? I have created some visualizations, and it works great with this new field and would like this field available from data captured in an earlier run.
Or is there a different approach that I should use ?
Thank you!
G
You can create new fields in all the docs by using Kibana's Painless scripting language. This obviously has some limitations depending on how complex the requirements of your new field are. Take a look here - https://www.elastic.co/guide/en/kibana/current/scripted-fields.html
If this does not work out, then replaying your old logs through either 1) Logstash or 2) Ingest Pipelines is the way to go.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.