Kibana -Quering inside message body having field json object type

Hi Team, i have file beat index having field "body" which contains the json objects.
I want to query on the properties of the body and create labels for the same. Below are the sample data.i need my result to be filtered on below business logic's for e.g. a) body.operation = "insertStaticRecord" and body.table ="globalDialogs".
b) body.query.id= "my Val" or body.query.Name ="iChronos".
bottom line is that i can query inside my body object in the kibana. Also attaching my kibana screenshot.

Kindly let me know the best way to do this. I have gone through the Query DSL but not able to find any concrete solution.
Any help would be appreciated.

Sample body content:-

1. body {
   "operation": "insertStaticRecord",
   "table": "tenantConversations",
   "query": "{"_id":"5caed9a080a55837e0765cf1","Name":"iChronos","URL":"ichronosdev","GlobalConversationsDir":"ApttusSFDC","AvailableConversations":[{"Intent":"greet","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"lookupAgreement","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"help","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"lookupQuote","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"lookupOpportunity","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"updateAgreementField","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]},{"Intent":"followupAction","Standard":true,"StandardDialogs":,"Sequence":["login","timePhraseHandler","clearConversationDialog"]}],"loadedBy":"pranjan","timestamp":"2019-04-11T06:07:28.808Z"}",
   "startTime": 1556866541603
   }

body {
"operation": "insertStaticRecord",
"table": "globalDialogs",
"query": "{"_id":"5caed9ab80a55837e0765e44","dialogId":"help","dialog":"import {ConversationStack} from \"../../core/conversationStack/conversationStack\";\r\nimport {CommonUtils} from \"../../core/utils/CommonUtils\";\r\nimport {String} from \"../../core/string/string\";\r\nimport {Session} from \"../../session/Session\";\r\n\r\nlet dialog: any = [\r\n async function f1(session: Session): Promise {\r\n console.log(\"Reached Function 1 of Help Dialog\");\r\n let helpText: string = await String.get(session, \"UnknownInput\");\r\n if (helpText == \"\")\r\n helpText = \"Sorry, I didn't understand that\";\r\n CommonUtils.promptMessage(helpText,session);\r\n return ConversationStack.clearConversation(session);\r\n // return ConversationStack.endDialog(session);\r\n }\r\n];\r\n\r\nmodule.exports = dialog;","loadedBy":"pranjan","timestamp":"2019-04-11T06:07:28.810Z"}",
"startTime": 1556866541495
}

To do anything useful in Kibana with that data you're going to need to change your filebeat configuration and re-ingest the data so that you have the fields in the body at the top level as individual fields. Kibana isn't going to be able to do much at all with all the data nested inside one field besides search for strings.

When properly configured, you should have a lot of fields with values, something like this;

image.png622×1489 79.3 KB

If you need help configuring filebeat you can post a question on that forum.

Regards,
Lee

Appreciate the response. As discussed,i will post further questions on filebeat forum.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.