Is it possible to extract value of data within a field in Kibana?

Hi,

I am trying to extract the value of data within a field, but no luck. Please help. Many thanks in advance.

For example,

  1. I run the script below to get the data:

```
GET xx-prod-transaction-*/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "appName": "app1"
          }
        },
        {
          "term": {
            "Transaction-Category": "request"
          }
        }
      ]
    }
  }
}
```
  2. The script returns:

```
{
  "took" : 25328,
  "timed_out" : false,
  "_shards" : {
    "total" : 250,
    "successful" : 250,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : 9.945171,
    "hits" : [
      {
        "_index" : "xx-prod-transaction-2022.04.25",
        "_type" : "_doc",
        "_id" : "B8QnY4AB6yZ61111",
        "_score" : 9.945111,
        "_ignored" : [
          "original_message.keyword"
        ],
        "_source" : {
          "Transaction-Id" : "e821e122-1314-415e-bff4-c92445",
          "Transaction-Category" : "request",
          "Transaction-Payload" : "0436R042022042518310200000000000000000000000000000017802100000000005700157                                00055542100M3152018010120220425QD161.73     NA",
          "appName" : "app1",
          "tags" : [
            "FORMATTED",
            "TRANSACTION",
            "PROD"
          ],
          "@timestamp" : "2022-04-25T23:56:41.595Z",
          "App-Id" : "5d277dfddfd8e86e111"
        }
      }
```
  3. I would like to extract the value "000555421", which is in bold, from one of the returned fields, 'Transaction-Payload':
    "Transaction-Payload" : "0436R042022042518310200000000000000000000000000000017802100000000005700157 00055542100M3152018010120220425QD161.73 NA"

Please help. Thanks.

Thi T.

Hi,

Have you tried runtime fields?
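
A sketch of the runtime-field approach suggested above, as an added example that is not part of the original thread. It assumes Elasticsearch 7.11 or later, that `_source` is stored, and that the wanted value is the first 9 characters after the first run of spaces in `Transaction-Payload` (a rule inferred from the one sample document); the field name `payload_ref` is hypothetical.

```console
GET xx-prod-transaction-*/_search
{
  "runtime_mappings": {
    "payload_ref": {
      "type": "keyword",
      "script": {
        "source": """
          // Assumption: the value is the first 9 characters that follow
          // the first run of spaces in Transaction-Payload.
          def p = params._source['Transaction-Payload'];
          if (p != null) {
            int i = p.indexOf(' ');
            if (i >= 0) {
              // trim() drops the padding, however many spaces it contains
              def rest = p.substring(i).trim();
              // Emit nothing when the payload is shorter than expected
              if (rest.length() >= 9) {
                emit(rest.substring(0, 9));
              }
            }
          }
        """
      }
    }
  },
  "query": {
    "bool": {
      "must": [
        { "term": { "appName": "app1" } },
        { "term": { "Transaction-Category": "request" } }
      ]
    }
  },
  "_source": false,
  "fields": ["payload_ref"]
}
```

Each hit then carries the extracted value under `fields.payload_ref`, and documents whose payload does not match the assumed layout simply have no value for the field.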
