Hi,
I would like if it is possible how to compare this value of two fields
I mean i want to do if first 6 chars and last 4 chars of field1 are similar to field2 then add mutate or do something...
Any help would be sincerely appreciate!
Thanks!
You would need to extract those characters and then compare them. I have not tested this but perhaps
grok {
break_on_match => false
match => {
"[field1]" => "^(?<[@metadata][field1][start].{6}).*(?<[@metadata][field1][end]>.{4})$"
"[field2]" => "^(?<[@metadata][field2][start].{6}).*(?<[@metadata][field2][end]>.{4})$"
}
}
if [@metadata][field1][start] == [@metadata][field2][start] and [@metadata][field1][end] == [@metadata][field2][end] {
# Do something
}
It works if these two fields in the same documents yes but in my case these two fields are not in the same document 
i created a new topic for this
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.