Hi I m trying to correlate different logs/indices based on a certain fields. Unfortunately the target field in these logs are not the same naming. I have found a way creating runtime field to rename the field to sync up with the other field in both logs. It works however this sacrifices a bit on the speed and performance.. Is there a better way to do this? Thank you.
i found it , can use copy_to parameter in mappings.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.