I'm a newbie to ELK. I do have previous working experience with Splunk.
I have 4 questions here. Sorry, some of my questions may be very basic.
If you answer the questions below, it will be very helpful for me.
1. When data is already available in Elasticsearch, e.g. (Message=678990.R_Data_Lon_960_008.IN), is it possible to extract or split the above Message field and store the parts as separate fields using Kibana, e.g. (Token=678990, Rate=R, File=Data, Location=Lon, Runid=960, Check=008, Progress=IN)?
2. We have a concept called lookup in Splunk. An external file can be inserted into Splunk, and with the help of a common field between the index and the lookup file, we can fetch the data from the lookup file and display it in the dashboard. Do we have similar functionality in Kibana?
3. Do we have join functionality in Kibana? If not, do we have an alternate way to achieve the same functionality using Kibana?
4. Can we set up a static value in a dropdown filter of Kibana?
Thanks in advance.