Hi there,
I am a bit struggling getting this right.
I have some log messages, What I need to do is to look for log.message, get the first 15 characters and display the most 10 popular messages.
What I did so far is create a scripted field and retrieve log.message and trunc it to 15 characters. Nevertheless, while displaying in a chart, kibana still considers it as different. For example
This is a log message ABC
This is a log message CBA
This is a log message BBB
This is a log message ABC
If I query the script, it shows as
This is a log m...
This is a log m...
This is a log m...
And if I do a count and display it in a bar chart, I see them as independent categories, the exactly repeated ones in one category, but I would also like to see the rest based on the script.
Any other way I can do this? or to make this work?