Is there any way to create an additional field without using Scripted field and Logstash?

elasticheart · July 2, 2018, 9:20am

Hi,

I am using ELK GA 6.3.0. In my index, there is a number attribute, currently taking as string. To perform aggregations, I have created a number scripted field like;

return doc['field_a'].value;

This works fine, but utilizes CPU. Is there any way to achieve the same, more efficiently, and without using Logstash?

Thanks.

Christian_Dahlqvist · July 2, 2018, 9:56am

Yes, you can reindex your data and add a new field with correct mapping using the reindex API together with a script or ingest pipeline. To add this on the ingest side for new data, create an ingest pipeline for this as well.

elasticheart · July 2, 2018, 11:17am

Thank you @Christian_Dahlqvist . Could you kindly show me some code to create a pipeline which convert string data in field_a to a number, and store it in field_b in the index my_index-*?

Thanks.

Christian_Dahlqvist · July 2, 2018, 11:42am

Try a pipeline with e.g. a grok processor:

{
  "processors" : [
    {
      "grok": {
        "field": "field_a",
        "patterns": ["%{NUMBER:field_b:int}"]
      }
    }
  ]
}

elasticheart · July 2, 2018, 11:43am

Thanks Christian

Topic		Replies	Views
Add field by reindexing Elasticsearch	8	5440	December 26, 2017
Logstash data transformation or Kibana scripted field? Logstash	3	289	October 20, 2020
Create a Scripted field Elasticsearch	2	331	March 25, 2019
How could I use in ingest pipeline the Logstash translate filter? Elasticsearch	5	1207	February 7, 2021
Scripted fields from Message Elasticsearch	3	326	March 12, 2019

Is there any way to create an additional field without using Scripted field and Logstash?

Related topics