"If do" In Queries

Hi, I'm wondering if it's possible to do an if do or sed in the queries.

For example,

message: foo

s/foo/bar/g

or something like

if {
    message: foo
    {
        flag:bar
    }
}

Hi,

Where do you want to do this in queries? In Kibana or Elasticsearch?

Thanks,
Bhavya

Hi,

In Kibana or Grafana. Thanks!

Hi,

We don't know about Grafana :). But it's definitely possible in Kibana. Kibana runs on Elasticsearch. You have multiple ways of querying data in Kibana: using Lucene, or Kuery in 6.0, which is Kibana's own query language.

Here are some tutorial examples for it: https://www.youtube.com/watch?v=mMhnGjp8oOI
Here is our Kibana documentation: https://www.elastic.co/guide/en/kibana/current/search.html

Hope this helps.

Thanks,
Bhavya

Hi,

All I see in those two links is about searching, though. Nothing about searching and creating an additional field with another value if a certain criterion is fulfilled.

Thanks for the help @bhavyarm!

I've decided to use Logstash instead to do what I wanted.

For those curious, I used the below:

filter {
  # "in" on a string field is a substring check: any message containing "foo" qualifies
  if "foo" in [message] {
    # add a new field "flag" with the value "bar" to the matching event
    mutate { add_field => { "flag" => "bar" } }
  }
}

Thank you!
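Added example, not from any post in this thread: a plain-Ruby model of the posted Logstash conditional so the matching rule can be checked offline before deploying it. The point worth knowing is that Logstash's `"foo" in [message]` on a string field is substring containment, so a message like "foobar started" also gets the flag; the helper below reproduces that behaviour and, as an assumed alternative, shows a whole-word match that corresponds to `[message] =~ /\bfoo\b/` in a Logstash conditional. The event hashes and function names are constructed for this example.

```ruby
# Added example (not from the thread): a plain-Ruby model of the posted
# Logstash filter
#
#   if "foo" in [message] {
#     mutate { add_field => { "flag" => "bar" } }
#   }
#
# In Logstash, `"foo" in [message]` on a string field is substring
# containment, so "foobar started" also matches. `word_match?` is an
# assumed stricter alternative, equivalent to `[message] =~ /\bfoo\b/`.
# SAMPLE_EVENTS are constructed test data, not real log events.

# Substring match, like Logstash's `in` on a string field.
# A missing or non-string field makes the conditional false.
def contains?(event, field, needle)
  value = event[field]
  value.is_a?(String) && value.include?(needle)
end

# Whole-word match: "foo" must stand alone as a token.
def word_match?(event, field, word)
  value = event[field]
  value.is_a?(String) && value.match?(/\b#{Regexp.escape(word)}\b/)
end

# mutate { add_field => { field => value } }: returns a new event hash,
# leaving the input untouched.
def add_field(event, field, value)
  event.merge(field => value)
end

# Run the conditional over a list of events. The block decides whether
# an event qualifies; qualifying events get the extra field.
def apply_filter(events, field:, needle:, flag:, flag_value:)
  events.map do |event|
    yield(event, field, needle) ? add_field(event, flag, flag_value) : event
  end
end

SAMPLE_EVENTS = [
  { "message" => "foo" },
  { "message" => "foobar started" },
  { "message" => "no match here" },
  { "other"   => "foo" },           # [message] absent: conditional is false
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "substring match (Logstash 'in'):"
  apply_filter(SAMPLE_EVENTS, field: "message", needle: "foo",
               flag: "flag", flag_value: "bar") { |e, f, n| contains?(e, f, n) }
    .each { |e| p e }

  puts "whole-word match ([message] =~ /\\bfoo\\b/):"
  apply_filter(SAMPLE_EVENTS, field: "message", needle: "foo",
               flag: "flag", flag_value: "bar") { |e, f, n| word_match?(e, f, n) }
    .each { |e| p e }
end
```

Run it with `ruby` and compare the two listings: under the substring rule both "foo" and "foobar started" receive `"flag" => "bar"`, under the whole-word rule only "foo" does. Pick the rule that matches what the flag is meant to assert before relying on it in a detection or dashboard.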
