Indexing User-Agent data

Hi Team,

I have the below user-agent column in an Elastic doc:

tag.http@user_agent - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

I want to split this user-agent data into the below columns and store this data in the same index.

  "os" : 
    "name" : "Mac OS X",

  "name" : "Chrome",
  "device" : 
  "version" : "74.0.3729"

Please suggest.

Thanks & Regards,
Jalpesh

Have a look at https://www.elastic.co/guide/en/elasticsearch/reference/current/user-agent-processor.html

Hi David,

Thanks for the reply.
I have tried the user-agent processor; on static data it's working fine.
But in real time, how can we implement this to segregate user_agent.name Chrome, user_agent.os.name, user_agent.os.version into different columns?

Currently we are getting real-time stream data of the user-agent column in the ES index.
We want to store the processed data in the same index.

Thanks & Regards,
Jalpesh

That's the goal of the ingest pipeline: process your data as soon as you want to index documents.

I don't understand why this would not work for you.

Hi Dadoonet,

Can you help with how to configure this for real-time data?
An example will help!!!

Please find the Dev Tools command below; please suggest.

Pipeline definition

PUT _ingest/pipeline/user_agent
{
  "description" : "Add user agent information",
  "processors" : [
    {
      "user_agent" : {
        "field" : "agent"
      }
    }
  ]
}

Input index to pipeline as below:

PUT jaeger-span-2020-05-29/_doc/_id?pipeline=user_agent
{
  "agent": "http@user_agent"
}

http@user_agent is a column in Elasticsearch.
_id is a doc ID.

1 Sample input:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

Please suggest.

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

Post updated.

Could you please format it as I mentioned?
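An added example, not part of the original thread: one way to run the `user_agent` processor on streaming data and keep the parsed fields in the same index. It assumes the raw string is stored under the field path `tag.http@user_agent` (as in the first post) and reuses the index name from the thread; adjust both to your mapping.

```console
# The processor reads the real field, not a literal string placed in "agent".
# ignore_missing keeps spans that carry no user-agent tag from being rejected.
PUT _ingest/pipeline/user_agent
{
  "description": "Add user agent information",
  "processors": [
    {
      "user_agent": {
        "field": "tag.http@user_agent",
        "target_field": "user_agent",
        "ignore_missing": true
      }
    }
  ]
}

# Check the parsed output on the sample value before touching the index.
POST _ingest/pipeline/user_agent/_simulate
{
  "docs": [
    {
      "_source": {
        "tag": {
          "http@user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"
        }
      }
    }
  ]
}

# Apply the pipeline to every document indexed from now on,
# without changing the client that writes the stream.
PUT jaeger-span-2020-05-29/_settings
{
  "index.default_pipeline": "user_agent"
}

# Re-process documents already stored, in place, in the same index.
POST jaeger-span-2020-05-29/_update_by_query?pipeline=user_agent
{
  "query": { "exists": { "field": "tag.http@user_agent" } }
}
```

Because the index name is date-based, the `index.default_pipeline` setting also has to be placed in the index template that creates each new daily index; otherwise only the index named above is covered.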
