Fields aggregation or field formatter?

Hi Chris,

I think a scripted field might help. Here's an experiment I did.

  1. I put in this data using the Kibana Dev Console. Each doc has a name, but in a different field:
PUT /discuss/test/1
{
    "date" : "2017-05-26T00:01:00",
    "name" : "Lee"
}


PUT /discuss/test/2
{
    "date" : "2017-05-26T00:02:00",
    "firstName" : "Bob"
}


PUT /discuss/test/3
{
    "date" : "2017-05-26T00:02:30",
    "fullName" : "Bart Simpson"
}

  2. It looks like this in Discover;

Obviously I can already search on any of those names (without using the field name) and find the doc as long as the other docs don't also contain the names or parts of names in other fields.

But if I want one field I can always search on, I can create a scripted field like this, which uses the first of the values it finds:

doc['name.keyword'].value ?: doc['firstName.keyword'].value ?: doc['fullName.keyword'].value ?: ''

Or this also works (might need one final return for the case where all three are null);

if (doc['name.keyword'].value != null)
  return doc['name.keyword'].value;
if (doc['firstName.keyword'].value != null)
  return doc['firstName.keyword'].value;
if (doc['fullName.keyword'].value != null)
  return doc['fullName.keyword'].value;

Regards,
Lee

3 Likes