Help in 'painless scripted field creation'

Roni_Saha · September 4, 2018, 1:51pm

Hello anyone,

I am facing some issue while create a 'Painless Scripted field' ?

Here's the Logs in JSON format -

{
"_index": "my-log-test",
"_type": "doc",
"_version": 1,
"_source": {
"SubType": "000",
"Time": "10:40:43",
"Date": "04/09/18",
"CopID": "001",
"Type": "000",
"@timestamp": "2018-09-04T10:40:43.000Z",
"text": "Payment success, total_payments=000001 ,amount=1234 ||",
"Cat": "LOG",
"system-topic": {
"topic": "log.my-log-test.tech"
}
}

How I create scripted field named total_payments and amount as type INTEGER

Thanks in advance.

Brandon_Kobel · September 4, 2018, 6:50pm

Hey @Roni_Saha, you can do this using Regular Expressions in Painless Scripted fields. However, this will be rather slow and resource intensive, and depending on the size of your data you might want to do so during index using Logstash.

Roni_Saha · September 5, 2018, 9:51am

Thanks Brandon,

I am aware of the "index using Logstash" that are suggested by you. But the problem is to define field during indexing is that I have thounds of such different patterns!

I will try REGEX and monitor the performance [ because in some cases Auto-Refresh would be 1-5 minutes ].

system · October 3, 2018, 9:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.