Below is the message that is captured in my logs and, as of no values/fields are getting extracted.
{"browser":"Edge","id":766415199,"status":"SessionCreated"}
Can I use JSON Input under Kibana visualization to extract each value and create a tabular visualization without extracting these fields ?
It sounds like what you want is to use a Scripted Field in Kibana. Note that you cannot do aggregations on scripted fields, but you can use them to filter on.
If you do need to do aggregations, I recommend using a Ingest Pipeline in Elasticsearch which allows you to modify data before it is ingested. Once you have this working, you can reindex all of the documents to re-process the existing docs that were created before you configured the pipeline.
Due to our current project permissions, I won't be able to add scripted fields under Kibana. Just wanted to know if Json Input can be similar to scripted fields so that the fields are only created/generated at visualization time.
Just wanted to know if Json Input can be similar to scripted fields so that the fields are only created/generated at visualization time.
This is correct, you can use the JSON input to add a scripted field "on the fly" to your visualization. You can find an example of this in my comment here:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.