Custom key/value mapping


(David Morabito) #1

Hi there,

I have a requirement that I'm not sure if Kibana would be able to address:

I'm ingesting two logs with Elasticsearch:

  • log1: contains responses from an API, and they have a unique status code, e.g. ABC123
  • log2: contains a list of status codes and their human-readable values, e.g. ABC123="Error in downstream call"

I need to represent in Kibana the top 10 status codes returned by the API, and the human representation of each code.

So far, I'm able to show the top 10 status codes returned, but they show up as "ABC123, XYZ432, etc".

Is there a way I can "map" these status code values from log1 with the values in log2? I'm ok having a pie chart or table.

Thanks!


(CJ Cenizal) #2

Hi David, is your list of status codes and human-readable values static? In other words, it sounds like you'll be indexing new API responses regularly, but you won't necessarily be indexing new documents with new human-readable values very often, correct?

If so, then you can create a scripted field on the index pattern you're using to select your API responses. This scripted field can handle the translation to a human readable value for you. You can create this scripted field by going to Management > Select your index pattern > Scripted fields tab.

Then you can create a new scripted field with "string" type, which will map the response code to a human readable value:

// Lookup table: status code -> human-readable text
def map = ['200': 'OK', '401': 'Unauthorized', '404': 'Not found', '500': 'Server error'];
// Status code stored in the current document
def response_code = doc['response_code'].value;
return map[response_code];

Does this help?

CJ
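
As an added example (not part of the thread and not Elastic's code), the Python sketch below regenerates the scripted field from post #2 out of the log2 lines, so the map is not typed by hand. It assumes log2 lines look like ABC123="Error in downstream call" as in the question; the function names and the sample lines are made up for illustration. Quotes and backslashes are escaped because the log values end up inside a Painless script.

```python
import re

# Assumed log2 line shape, taken from the question: CODE="human readable text"
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"(.*)"\s*$')

# Constructed sample lines, not real log data.
SAMPLE_LOG2 = [
    'ABC123="Error in downstream call"',
    "XYZ432=\"Customer's account is locked\"",
    "not a mapping line",
]

def parse_log2(lines):
    """Return ({code: text}, rejected_lines); blank lines are ignored."""
    mapping, rejected = {}, []
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        # Control characters are refused so a value cannot break the literal.
        if not m or any(ord(c) < 0x20 for c in m.group(2)):
            rejected.append(line)
            continue
        mapping[m.group(1)] = m.group(2)
    return mapping, rejected

def painless_str(s):
    """Quote s as a single-quoted Painless string literal."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"

def build_scripted_field(mapping, field="response_code"):
    """Emit the script from post #2; codes missing from the map are returned as-is."""
    entries = ", ".join(
        f"{painless_str(k)}: {painless_str(v)}" for k, v in sorted(mapping.items())
    )
    return (
        f"def map = [{entries or ':'}];\n"  # [:] is the empty Painless map
        f"def response_code = doc[{painless_str(field)}].value;\n"
        "return map.containsKey(response_code) ? map[response_code] : response_code;"
    )

if __name__ == "__main__":
    codes, bad = parse_log2(SAMPLE_LOG2)
    print(build_scripted_field(codes))
    print("rejected:", bad)
```

The generated text is pasted into the scripted field; the field name defaults to the one used in post #2 and may differ in your index.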


(David Morabito) #3

Hi @cjcenizal, thanks for your quick response. Even though I think your solution may do the trick, I think it won't scale if we add more APIs or more status codes. Eventually there will be maintenance associated with both the source code and Kibana.

Appreciate your time.

