Can I parse data with Elasticsearch?

nicks1993 · May 23, 2019, 6:11pm

I am using the EFK stack at work. Mo one seems to know much about it.
I struggled to get script fields working in kibana due to my field not being aggregatable I believe. I couldn't really figure out how to change the field to be aggregatable using dev tools. The person I am reporting to does not want to alter fluentd which I think is likely the best option to parse with, correct me if I am incorrect.
What can I do with elasticsearch? Can I parse fields from there. I have a better chance of gaining access to ES config files than I do fluentd files.

this message field is what I am trying to parse. I want the time field parsed into a numeric field.

message: words::words::words (time=517, words)

warkolm · May 23, 2019, 9:34pm

You could look at using the ingest functionality to do this - https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html

nicks1993 · May 24, 2019, 3:56pm

Great thanks, I'll look into it

nicks1993 · May 29, 2019, 1:09pm

Does Elastic have a slack or a gitter? I'm having a hard time wrapping my head around EFK/ELK stack and would like to be able to chat if that's an option

warkolm · May 29, 2019, 9:24pm

We have IRC channels on Freenode.

Topic		Replies	Views
How to Analyze field with elasticsearch Elasticsearch	3	349	January 6, 2021
Unable to make a field aggregatable in kibana Elasticsearch	27	10496	January 25, 2019
How to create by fields sending data through elasticsearch Kibana	5	268	June 8, 2021
New field creation in kibana Kibana	5	399	May 6, 2020
How to parse JSON in syslog_msg to fields? Kibana	12	14167	December 14, 2018

Can I parse data with Elasticsearch?

Related topics