From a index, There are multiple CEF messages in it. Is there a way to pull certain key/values from each ?
"processEvent/timestamp": "2019-03-27T02:35:08.039Z", "processEvent/startTime": "2019-03-27T02:35:08.039Z", "processEvent/process": "tasksche.exe"
Like pull processEvent
procesevent/startTime
and processevent/process
i only have GET myindex/_search
{
"query": {
"match": {
}
}
}
Hi, your question is really unclear because none of the formatting came through correctly. Try using the code formatting around verbatim text, with the icon that looks like </>
It looks like what you are asking about is Source Filtering in Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-source-filtering.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.