I'm wondering if scripted fields could help me with dynamically generating kibana fields.
A small subset of my logs follows the format:
message: "My awesome thing that I just did (10ms)"
I'd like to query for all logs where the message field begins with "My awesome thing", and then extract the duration and graph the results.
I could update logstash to add this magic field, but I'd much rather do this dynamically as the result set will be small and I don't think this is a typical use case.
Query time field extraction is unfortunately not currently possible in Elasticsearch.
Could this be done using a function_score block and script_field?
Currently kibana only supports lucene expressions in script fields, for security reasons. Lucene expressions unfortunately only support numbers, we're working to bring string support to them
I'm totally new to this but found this grok stuff. Seems that it can extract "new fields" like you want.
It does, but it needs to happen in Logstash, which is a step you do prior to indexing in Elasticsearch.
Does Elasticsearch 5.0 support this feature?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.