Can I parse data with Elasticsearch?

nicks1993 · May 23, 2019, 6:11pm

I am using the EFK stack at work. Mo one seems to know much about it.
I struggled to get script fields working in kibana due to my field not being aggregatable I believe. I couldn't really figure out how to change the field to be aggregatable using dev tools. The person I am reporting to does not want to alter fluentd which I think is likely the best option to parse with, correct me if I am incorrect.
What can I do with elasticsearch? Can I parse fields from there. I have a better chance of gaining access to ES config files than I do fluentd files.

this message field is what I am trying to parse. I want the time field parsed into a numeric field.

message: words::words::words (time=517, words)

warkolm · May 23, 2019, 9:34pm

You could look at using the ingest functionality to do this - https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html

nicks1993 · May 24, 2019, 3:56pm

Great thanks, I'll look into it

nicks1993 · May 29, 2019, 1:09pm

Does Elastic have a slack or a gitter? I'm having a hard time wrapping my head around EFK/ELK stack and would like to be able to chat if that's an option

warkolm · May 29, 2019, 9:24pm

We have IRC channels on Freenode.

system · June 26, 2019, 9:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.