How to use DSL to drill down query string message body

Hello guys, I am new here and fairly new to actually using Kibana for searching data and creating visualization boards.

I am tasked to query logs to find out if a sessionID is in plaintext. I am running into a problem creating a query that will do just that.

The sessionID is located in a field called message, which has numerous fields.

The first thing I need to do is to get a handle on the sessionID field in the message body, then I need to check if the field is plaintext vs ciphertext, which also poses a problem.

  1. How do I drill down to match a specific field within a message body?
  2. How would I check the value to see if the value is displaying plaintext?

Hey @divine, how are you currently ingesting your data into Elasticsearch? Generally, you'll want to extract these fields at ingest time, and perform any computationally complex calculations then.

If re-ingesting your data isn't possible, you can use Kibana scripted fields to do so at query time.
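As an added illustration of the extract-then-check logic the reply above recommends (this is not code from the thread or from Elastic), here is the same processing written in Python so it can be run offline over constructed sample messages. The key=value message layout, the 32-hex shape of a raw session token, the "REDACTED"/asterisk masking and the "enc:" ciphertext prefix are all assumptions; the same extraction maps onto a dissect or grok ingest processor, and the classification onto a Painless script or scripted field.

```python
import re

# Constructed sample "message" bodies (not real log data). The key=value
# layout, the 32-hex session token format and the "enc:" prefix for
# encrypted values are assumptions; adjust them to the real log format.
SAMPLE_MESSAGES = [
    "ts=2024-01-01T10:00:00Z user=alice sessionID=3f9a1c2e7b8d4e5f6a7b8c9d0e1f2a3b path=/account",
    "ts=2024-01-01T10:00:05Z user=bob sessionID=****REDACTED**** path=/account",
    "ts=2024-01-01T10:00:09Z user=carol sessionID=enc:gAAAAABl... path=/account",
    "ts=2024-01-01T10:00:12Z user=dave path=/login",
]

KV_RE = re.compile(r"(\w+)=(\S+)")              # key=value pairs separated by whitespace
RAW_TOKEN_RE = re.compile(r"[0-9a-fA-F]{32}")   # assumed shape of a raw session token
MASK_RE = re.compile(r"[*xX]+|.*REDACTED.*")    # common masking conventions


def parse_message(message: str) -> dict:
    """Drill into the flat message body and return its key=value fields."""
    return dict(KV_RE.findall(message))


def classify_session_id(value: str) -> str:
    """Label a sessionID value as plaintext, masked, encrypted or unknown."""
    if MASK_RE.fullmatch(value):
        return "masked"
    if value.startswith("enc:"):                # assumed ciphertext marker
        return "encrypted"
    if RAW_TOKEN_RE.fullmatch(value):
        return "plaintext"
    return "unknown"


def find_plaintext_session_ids(messages):
    """Return (event index, user) for events whose sessionID is logged in the clear.

    The token value itself is deliberately not returned, so the report does
    not re-leak the very secret it is flagging.
    """
    hits = []
    for i, msg in enumerate(messages):
        fields = parse_message(msg)
        sid = fields.get("sessionID")
        if sid is not None and classify_session_id(sid) == "plaintext":
            hits.append((i, fields.get("user", "?")))
    return hits


if __name__ == "__main__":
    for idx, user in find_plaintext_session_ids(SAMPLE_MESSAGES):
        print(f"event {idx}: plaintext sessionID logged for user {user}")
```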
