How to Analyze field with elasticsearch

111417 · December 9, 2020, 3:12pm

I want to parse field with spacial format (like Json) with using elasticsearch without logstash , is that possible with using elasticsearch analyze?

If it's possible,where can i start?
Or there is another way?

example :
before parse

{ 'timestamp' : 2020-12-9,
'message' : {'a':3,'b':4}
}

after :
{'timestampe' :2020-12-9,
message :{'a':3,'b':4}
'a' : 3,
'b' : 4,}

thank you!

dadoonet · December 9, 2020, 3:31pm

Welcome!

You can use the ingest pipeline feature.

For example, based on this documentation:

You can write

PUT _ingest/pipeline/extract_message
{
  "processors": [
    {
      "set": {
        "field": "a",
        "value": "{{message.a}}"
      }
    },
    {
      "set": {
        "field": "b",
        "value": "{{message.b}}"
      }
    }
  ]
}

PUT index/_doc/1?pipeline=extract_message
{
  "message": {
    "a":3,
    "b":4
  }
}
GET index/_doc/1

That should work.

111417 · December 9, 2020, 3:48pm

Thanks for your reply !!
Really helped me a lot !!

system · January 6, 2021, 3:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can I parse data with Elasticsearch? Elasticsearch	5	2663	June 26, 2019
Elasticsearch analyzing and mapping data Elasticsearch	6	395	August 25, 2020
Extract a field from a text field Elasticsearch	2	312	June 24, 2022
Logstash: ingest only message on elasticsearch Logstash	2	517	December 2, 2019
Ingest pipeline split MESSAGE field into multiple fields Kibana	7	1964	August 2, 2022

How to Analyze field with elasticsearch

Related topics