Hello,
Can anyone help? I'm new to Elasticsearch and Kibana but have learnt in recent days to understand the usage.
I have an index named "logstash-*" which receives logs constantly. My task is to filter, from all logs, the "message" field values which contain "Incoming Message" and save those results in another (new) field, which should display those results.
My tries were:
1) create a field named "incoming messages"
2) enabled "set value", with:
if(doc.containsKey('Incoming Message:.')) {
emit(doc['message.keyword']);
}
3) Result is NULL (blank) in the field.
I understand my script is wrong somewhere. My expectation is to check the "message" field and, if it contains the words "Incoming Message:", print those messages in my new field, so that if I select the new field I can view the filtered data instead of querying every time.
thanks a lot,
Jenny
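A corrected version of the runtime-field script, added here as an example and not part of Jenny's post. It assumes the index maps message as text with a message.keyword sub-field (as the original doc['message.keyword'] suggests) and that the new runtime field is created with type keyword.

```painless
// Runtime field script for the Kibana Data View field editor (field type: keyword).
// Assumes the documents carry a `message` field with a `message.keyword` sub-field.
// doc.containsKey() only reports whether a *field* exists in the mapping, so passing
// the search text to it always fails; the text must be read from the field's value.
if (doc.containsKey('message.keyword') && doc['message.keyword'].size() != 0) {
  String msg = doc['message.keyword'].value;
  if (msg.contains('Incoming Message:')) {
    emit(msg);
  }
}
// Documents whose message lacks the marker emit nothing, so the new field stays
// empty for them and is populated only for matching log lines.
```

If message.keyword uses ignore_above (the Logstash index template sets 256), messages longer than that have no doc value and will never match; in that case read the raw text with params._source['message'] instead, accepting the slower per-hit source load.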