I am trying to create a Data Table visualization where random text from a search string is grouped to show the count of how many times it has occurred.
As a simplified example my saved search returns:
"Certificate is: ACDE, authenticated"
"Certificate is: XYLMz, authenticated"
"Certificate is: NNR, authenticated"
"Certificate is: ACDE, authenticated"
"Certificate is: EEFFFFFF, authenticated"
"Certificate is: ACDE, authenticated"
"Certificate is: NNR, authenticated"
Is there a method to determine where that text will be in the string?
For the example you can use a scripted field to get the substring that is the desired text and then you can just make a data table with a Split by Terms on the scripted field.
I think you are right, i came to that conclusion too while i was reasearching the documentation. However I cannot actually try scripted fields yet, the organization I work for has disabled our rights to use them..
You could get away with it if the field was analyzed. Create a data table on the field that is analyzed and then filter out the terms that are common in the string, if they are a known quantity. Otherwise you're only chance would be to process the field at document ingest time and then create a field for that random text.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.