I am working on Elastic Cloud v7.6. I have an index with a field that contains text like this:
Status: 200-200 OK-OK Headers: Server=xxxxxxxxxx content-length=295 Cache-Control=private Content-Type=application/json; charset=utf-8 ====================================================================================== Body: {"operationStatusCode":xx,"subscriptionContractId":0,"errorMessage":"<someText>","responseCode":0,"paymentStatus":null}
I want to create a new field with the errorMessage text, as I need to aggregate the number of occurrences grouped by this errorMessage.
I have tried a regex in a scripted field, but it didn't work.
Scripted field:
if (doc['response'].value != null) {
    def m = /."errorMessage":(.+),"responseCode"./.matcher(doc['response'].value);
    if (m.find()) {
        return m.group(1)
    } else {
        return "no match"
    }
} else {
    return "NULL"
}
Any suggestions, either by scripted field or by Logstash? If I can create a new index with the new field, that will work for me, for better search performance.
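
The Logstash route asked about above could look like the following filter block. This is an added example, not part of the original post. It assumes the raw text is in a field named `response` (as in the scripted field) and that the part after `Body: ` is a single-line JSON object; the tag names `_no_body` and `_body_not_json` are made up for this example.

```logstash
filter {
  # Cut the JSON body out of the raw text. grok is unanchored, so the
  # Status/Headers part before "Body: " is skipped. The capture goes into
  # @metadata so it is not indexed with the event.
  grok {
    match => { "response" => "Body: %{GREEDYDATA:[@metadata][body_json]}" }
    tag_on_failure => ["_no_body"]
  }

  # Parse the body as JSON instead of using a regex, so commas or quotes
  # inside the error message cannot truncate the extracted value.
  if [@metadata][body_json] {
    json {
      source => "[@metadata][body_json]"
      target => "[@metadata][body]"
      # Malformed bodies are tagged rather than dropped; the redacted sample
      # above ("operationStatusCode":xx) would land here because xx is not
      # valid JSON.
      tag_on_failure => ["_body_not_json"]
    }
  }

  # Copy only the one value needed for aggregation into a top-level field.
  if [@metadata][body][errorMessage] {
    mutate {
      add_field => { "errorMessage" => "%{[@metadata][body][errorMessage]}" }
    }
  }
}
```

With Elasticsearch's default dynamic mapping, the new string field gets a `keyword` sub-field, so a terms aggregation on `errorMessage.keyword` returns the count per message. Events tagged `_no_body` or `_body_not_json` can be searched separately to see which responses did not parse.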