I have used:
split {
  field => "[doc][msgs]"
}
And this worked, as it created an event for each element in the array, so whether the element exists or not, a field is created in Kibana; the value will be null if the element doesn't exist, and a value will be there if the element exists.
This is what I want.
And why do you disagree with the use of split?
And one more question.
1) I am stuck with creating a LINE GRAPH for ElapsedSeconds.
"Trace": {
  "ElapsedSeconds": 0.3787265,
  "Path": [{
    "NodeId": 0,
    "ElapsedSeconds": 0.3787265,
    "Type": "Gateway",
    "Value": "GAT"
  }]
}
I have extracted this [doc][msgs][responsetransaction][response][trace][elapsedseconds] to a field and am creating a line graph, which should show the real-time ups and downs of elapsed seconds every thirty minutes.
For this, on the Y-axis I have used the metric aggregation TOP HIT and terms: [doc][msgs][responsetransaction][response][trace][elapsedseconds] (this field), and on the X-axis I have used a date histogram and set a custom time of 30 minutes, but it didn't work.
On the Y-axis it is not displaying the values.
If you understand what I said, please share your opinion on it too.
THANKS 