I see several related forums posts for this but as far as I can tell, nobody had any success.
In Elasticsearch/Kibana 6.7 (AWS-managed, for now). Say I have a field, httpRequest.headers
, which has the following contents:
{
"name": "upgrade-insecure-requests",
"value": "1"
},
{
"name": "user-agent",
"value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36"
}
I'd like to display the user-agent
value in discover, preferably as the field httpRequest.headers.userAgent
.
I understand that there's a way to do that on the fly and also a way to do it via a scripted field. However, I'm striking out.
Could you tell me exactly what/where I'd need to type in Discover to do it on the fly?
Could you also tell me exactly how to create it as a scripted field in the Kibana UI?
Thanks!