I am working on a way to be able to pull an area of data which is shown in a field. I would like to be able to run a scripted field to be able to pull out the intended data and to create a new field with it. But still keeping the original field as is.
For example, the data that I have been using to create this template is below (e.g. GET request):
GET /example/of/request/to/get/XXXXXXX-xxxx-XXXXX/to/create/new/field
So, from this, the data that I am trying to retrieve and create a new field is from the "Request" - the original field. To pull out the ID - "XXXXXXX-xxxx-XXXXX" and to create a new field called "ID" - new field.
Would this be better using scripted fields or would this be better with a grok or sort of filter in a Logstash conf?
Hey @mattkime,
Thanks for your help and for the link!
So far in my .conf file for Logstash, it takes the file that is in question with the data in it (the GET request) and uses filtering to break down the structure of the file. This is already in place to be able to put the data into different fields.
Following this and with the data being in Kibana, would there be a way, with using scripted fields, to be able to select the "Request" field and to create another field with the data acquired? So to pull the "XXXXXXX-xxxx-XXXXX" data (From the "Request" field) and put it into a new field.
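Added example, not part of the original posts: one way to do the extraction at ingest time with a Logstash grok filter, which adds the new "ID" field and leaves "Request" untouched. It assumes the "Request" field holds the whole request line shown above and that the ID always sits between `/to/get/` and `/to/create/`; the failure tag name is made up for this example.

```logstash
filter {
  # Only run on events that actually carry the field.
  if [Request] {
    grok {
      # The unnamed %{WORD} matches the HTTP method without storing it;
      # only the named capture (?<ID>...) becomes a field on the event.
      # grok adds fields and does not modify the source field "Request".
      match => {
        "Request" => "^%{WORD} \S*/to/get/(?<ID>[^/\s]+)/to/create/"
      }
      # Constructed tag name, so events where no ID was found are easy to query.
      tag_on_failure => ["_request_id_not_found"]
    }
  }
}
```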