Hi
We have recently changed our field names to include a suffix of the type.
I have run a refresh on my index pattern and can now see the new fields and the old, but my visualizations now need updating to handle both (as I don't want to lose the old data).
Is it possible to create scripted fields to return either or both?
When I try, and run the preview window then it comes back with 0 values.
Thank you in advance
Hi @Aileen,
how does the script you tried look like?
Something like this should you the trick:
if (doc['newfield'].empty) {
return doc['oldfield'];
} else {
return doc['newfield'];
}
That begin said, depending on how much data you have it might make sense to re-ingest the data and change the fieldnames in the actual indexed documents because performance might not be great using scripted fields.
Hi @flash1293
Thanks for your help. That is pretty much what I tried.
I have just tried again, and now when I go to the Discover page, I only see my scripted field in "Available fields", and it claims that no data matches my search criteria.
Is it because the data has already been received, without that field?
Thanks
Hi, could you post your mapping definition and your script? It's hard to tell without knowing specifics.
Hi
Here are the hostname fields:
Here is my discover page:
Usually there is a whole list of Available fields on the left, and as you can see we have over 3 million entries, all of which have either HostName or HostName_String. And yet apparently none match the search, even though I don't see that I have any search criteria.
Thanks
Perhaps it will help to show you what has happened with the records.
Here is how it looked 2 days ago:
Here is how it looks now, as you can see, we have suffixed some of the fields with the type.
Our visualizations filter on things like HostName, MetricName, and then display other fields, such as for example SqlStringLength
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
