Hi everyone,
Im creating some scripted fields to improve the visualization of the data that comes into Kibana 7.5.
I have a big field that its a JSON, and it has a lot of data, and i want to separate this data in multiple scripted fields. To exemplify, lets say that the JSON looks something like this:
{
"data": {
"data1": "123",
"data2": "plane",
"data3": "car",
......
"dataXX": "321",
}
}
And i want scripted fields to look like this: data1: 123, data2: plane, data3: car, dataXX: 321.
I know that the scripted field doesnt have an API to deal with JSON, so what i do is just use the .substring function to split the string, no problem at all. The thing is, when i use the doc['my_json_field.keyword'].value function only works when the data is small.
To exemplify, i've created the scripted field "data1", you can see the code of this script below, it just copies the data from the field "proxyRequest.message.content"
def data1 = doc['proxyRequest.message.content.keyword'];
return data1;
You can see the outputs below, when i have some big data, and when i have a smaller one (i've hidden the data with this red lines for obvious reasons):
I've tried to use params['_source']['proxyRequest.message.content'], but it doesnt output any data at all.
Any ideias of how to make the doc['some_field'] work for big amounts of data?
Thanks.