Hi, I'm a Kibana newbie but used to work in Splunk and I'm trying to put together a saved search but one of the fields I'm trying to query has at times multiple lines in that field. The field in question mostly has all the data in one line but sometimes it's multiple lines so it throws off the formatting. This will be for a dashboard I'm creating.
Is there a way in the query to say give me just the first line of this field without having to change anything on the back end?
Thanks!
Unfortunately you will need to change this at index time. You can either change this where it's being sent to Elasticsearch, implement a pipeline in Elasticsearch, or use Logstash.
That's what I was thinking. Thanks for the reply!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.