I want to parse field with spacial format (like Json) with using elasticsearch without logstash , is that possible with using elasticsearch analyze?
If it's possible,where can i start?
Or there is another way?
example :
before parse
{ 'timestamp' : 2020-12-9,
'message' : {'a':3,'b':4}
}
after :
{'timestampe' :2020-12-9,
message :{'a':3,'b':4}
'a' : 3,
'b' : 4,}
thank you!
Welcome!
You can use the ingest pipeline feature.
For example, based on this documentation:
You can write
PUT _ingest/pipeline/extract_message
{
"processors": [
{
"set": {
"field": "a",
"value": "{{message.a}}"
}
},
{
"set": {
"field": "b",
"value": "{{message.b}}"
}
}
]
}
PUT index/_doc/1?pipeline=extract_message
{
"message": {
"a":3,
"b":4
}
}
GET index/_doc/1
That should work.
Thanks for your reply !!
Really helped me a lot !!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.