Map Elasticsearch field to predefined list

luke14 · March 18, 2019, 9:29am

Hi

So I have question about how best to approach a problem I need to solve. In one of my indexes within ES I have the field:

user.id: U123456

This is great, however I have a list of username associated with user id's. So

U123456 = John

In kibana is there a way of just mapping this in the presentation layer? Do I have to add an if statement into my logstash and then add a new field in ES with the user.name field?

Whats the best way of doing this, which is manageable?

The data does not contain the username as is currently.

Thanks

warkolm · March 18, 2019, 9:38am

The best option is to do it during ingestion, so Logstash.

luke14 · March 18, 2019, 9:40am

Thanks for the reply,

Okay I will add some new logic to create a new field in logstash.

Thanks

system · April 15, 2019, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Map elasticsearch field to different field Elasticsearch	1	388	February 2, 2020
Can't rename a field to user.name Logstash	6	1783	April 8, 2020
Add existing fields to my logstash Logstash	9	842	October 19, 2021
Best way to add a field as "sessionize" of another field+date Elasticsearch	3	577	July 5, 2017
JSON parsing creates a field for each user Kibana	6	703	September 4, 2018

Map Elasticsearch field to predefined list

Related topics