I have URL field on my log which i need to group/bucket:
Unfortunately the it has some varying data on it, such as:
https://172.18.10.41/api/v1.0/customer/inquiry/401301018517537
http://182.18.10.41/corp/rest/v1/01/custom/applications/502569/summary
how to change it into:
https://172.18.10.41/api/v1.0/customer/inquiry/userID
http://182.18.10.41/corp/rest/v1/01/custom/applications/ID/summary
for easier aggregation?
on ELK 7.10 Basic
Hi there,
you could use filters aggregation, available both for Lens and Visualize and create filters in kql like:
url : https://172.18.10.41/api/v1.0/customer/inquiry*
url : http://182.18.10.41/corp/rest/v1/01/custom/applications*.
Here's a tutorial that does similar things: Build your first dashboard | Kibana Guide [7.13] | Elastic
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.