Newbie Kibana/elasticsearch/fluentd user here. Long-time Splunk power-user.
One of the things I find myself doing all the time in Splunk is working
with ultimately unstructured data and, as I need to, extracting a field
from search events matching my current search so I can subsequently chart
that field or do something interesting with it. For example:
invalid_session | rex "ID: (?<msg_id>.*)" | stats dc(msg_id) by host
So, here I'm using the "rex" command to ad-hoc extract a "msg_id" field
which I can subsequently use in another command (here, counting the
distinct msg_id by host).
Is there any way to do this with Kibana? This is hugely valuable when
day-in/day-out you're dealing with unstructured data of one sort or another
(too many to set up field extractions for!).
Thanks in advance!
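The Splunk pipeline quoted above, reimplemented in Python as an added example that is not part of the original post: it runs the free-text search, the ad-hoc regex extraction (the "rex" step, taking the Splunk-style named-group syntax as written) and the distinct count per host over constructed sample events, so the exact semantics a Kibana user would have to reproduce are spelled out. The events, host names and message text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the original post): a host tag plus an
# unstructured message, roughly what fluentd would ship to Elasticsearch.
EVENTS = [
    {"host": "web-01", "message": "user=alice invalid_session ID: a1f9"},
    {"host": "web-01", "message": "user=alice invalid_session ID: a1f9"},
    {"host": "web-01", "message": "user=bob invalid_session ID: 77c2"},
    {"host": "web-02", "message": "user=carol invalid_session ID: 0d3e"},
    {"host": "web-02", "message": "user=dave session_ok ID: 5555"},
    {"host": "web-03", "message": "invalid_session with no id present"},
]


def search(events, term):
    """Free-text search: keep events whose message contains the term."""
    return [e for e in events if term in e["message"]]


def rex(events, pattern):
    """Ad-hoc extraction like Splunk's rex: each named group in the pattern
    becomes a field on the event. Non-matching events are kept unchanged,
    since rex extracts but does not filter."""
    # Splunk/PCRE write named groups as (?<name>...); Python needs (?P<name>...).
    # The lookahead leaves lookbehind assertions (?<= and (?<! untouched.
    compiled = re.compile(re.sub(r"\(\?<(?![=!])", "(?P<", pattern))
    out = []
    for e in events:
        m = compiled.search(e["message"])
        out.append({**e, **(m.groupdict() if m else {})})
    return out


def stats_dc_by(events, field, by):
    """stats dc(field) by <by>: distinct values of field per group. Events
    without the by-field are dropped; events without the extracted field
    still create their group but add nothing to the count."""
    groups = defaultdict(set)
    for e in events:
        if by not in e:
            continue
        groups[e[by]]  # ensure the group exists even if no value follows
        if field in e:
            groups[e[by]].add(e[field])
    return {k: len(v) for k, v in sorted(groups.items())}


def pipeline(events=EVENTS):
    """invalid_session | rex "ID: (?<msg_id>.*)" | stats dc(msg_id) by host"""
    hits = search(events, "invalid_session")
    extracted = rex(hits, r"ID: (?<msg_id>.*)")
    return stats_dc_by(extracted, "msg_id", "host")
```

Note that ".*" in the quoted pattern captures the rest of the line, so if anything follows the ID in a real message it becomes part of msg_id; a tighter class such as "\S+" avoids that.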