Create fields in Kibana

Hi,
We have a web service application that exposes certain webservices over http. The webservice requests are xml messages sent in a SOAP envelope. The application logs the request and response messages for audit purposes.Since the application processes multiple webservices, the xml messages are different.

I am trying to use the ELK stack for log analysis. I have used logstash to parse the log file and have put the xml message into an elasticsearch field.

Is there a way in Kibana using which the user can extract a certain tag from the xml message field, assign it to a different field and create graphs out of it? I do not want to do this in logstash, but would like to do it in Kibana at run time.

1 Like

Kibana does support scripted fields, which you can use to represent certain transformations on indexed data as separate fields in the search results: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-script-fields.html

I'm not sure if that will work for your particular use-case, but I think it's your best bet. Scripted fields are not infinitely flexible though, and you can't use them in all of the same ways that you can use regular fields.

Generally speaking, I strongly recommend transforming data into the format you need when you index it rather than when you search for it.

Thanks for you help Court.

Scripted fields may not help me. Do you know if this feature may be implemented in a future release?

It's hard to say, but feel free to create a feature request on github if one doesn't already exist!

Do either of these sound like what you want to do?