Building visualization in kibana by removing and grouping part of the value

Hello All,

I have a field tag in which I have two kinds of values as below,
tags: targetgeo:china,targetgeo:iran,geolocation:australia,geolocation:china

I wanted to group and visualize using geo field values i.e china-2,iran-1,australia-1

But currently I am getting targetgeo:china-1,targetgeo:iran-1,geolocation:australia-1,geolocation:china-1
Is there anyway I can parse the field after :and can visualize?

Also I can see some blogs where I can achive this using script field. Can somebody guide me with this as I am new to scripting and KQL.

I recommend doing the parsing and splitting at ingest, but if you just want to try, the documentation for scripted fields is here: https://www.elastic.co/guide/en/kibana/current/scripted-fields.html
Most of the reference is linked in there.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.