Converting Visualizations from our old Splunk system to Elastic. What we are looking at doing is taking the string length of a field.keyword and then visualization the length to the count. So far I have not found a way in the query to extract the length. I have created a scripted field that gives that creates a field and sets the string length. Run into two problems with that. I was told this is the wrong way to do this, and more important when I try to graph the length values even though they show up in discover nonthing will show up when trying to visualize it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.