I have no knowledge of JSON format so this may not be possible. Please let me know if it is/isn't possible.
My issue is that I have a field called logMessage. A sample of what is stored in there looks like this:
Starting process 'the_process' with parameters 'some parameters'
What I want to do for my pie chart visualization is split on the logMessage field and pull out the part that is in the first single quotes (the_process) and display those fields on the pie chart with the count.
My answer at "Is it possible to split discovery message field?" applies to this question too. The best way to do this would be with a pre-processor like Logstash, which would split out the parts of that message and store them in Elasticsearch as different fields. If that isn't an option, or you just want something to work in the short term, you can use a scripted field to extract just the part of the text that you want.
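The Logstash approach described in the answer could look like the filter below. This is an added example, not part of the original posts; the output field names `process_name` and `process_parameters` and the failure tag are assumptions, and the pattern is built only from the sample line quoted in the question.

```logstash
filter {
  # Only try to parse events shaped like the sample message in the question.
  if [logMessage] =~ /^Starting process '/ {
    grok {
      match => {
        # [^']* stops at the first closing single quote, so process_name holds
        # only the first quoted value (the_process in the sample).
        # process_name and process_parameters are hypothetical field names.
        "logMessage" => "^Starting process '(?<process_name>[^']*)' with parameters '(?<process_parameters>.*)'$"
      }
      # Hypothetical tag: marks events that start like the sample but do not
      # fully match, so they can be found and reviewed instead of silently
      # missing from the chart.
      tag_on_failure => ["_process_start_parse_failure"]
    }
  }
}
```

Once events are indexed with the extracted field, the pie chart can bucket on that field with a terms aggregation and show the count per process.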