Hi,
I am trying to extract value of data with a field, but no luck. Please help. Many thanks in advance.
For example,
- I run below script to get the data
GET xx-prod-transaction-*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"appName": "app1"
}
},
{
"term": {
"Transaction-Category": "request"
}
}
]
}
}
}
- Script returns
{
"took" : 25328,
"timed_out" : false,
"_shards" : {
"total" : 250,
"successful" : 250,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : 9.945171,
"hits" : [
{
"_index" : "xx-prod-transaction-2022.04.25",
"_type" : "_doc",
"_id" : "B8QnY4AB6yZ61111",
"_score" : 9.945111,
"_ignored" : [
"original_message.keyword"
],
"_source" : {
"Transaction-Id" : "e821e122-1314-415e-bff4-c92445",
"Transaction-Category" : "request",
"Transaction-Payload" : "0436R042022042518310200000000000000000000000000000017802100000000005700157 00055542100M3152018010120220425QD161.73 NA",
"appName" : "app1",
"tags" : [
"FORMATTED",
"TRANSACTION",
"PROD"
],
"@timestamp" : "2022-04-25T23:56:41.595Z",
"App-Id" : "5d277dfddfd8e86e111"
}
}
- I would like to extract a value = "000555421' which is in bold from one of returned fields 'Transaction-Payload'
"Transaction-Payload" : "0436R042022042518310200000000000000000000000000000017802100000000005700157 00055542100M3152018010120220425QD161.73 NA"
Please help. Thanks.
Thi T.