I have a few questions and need to know whether it's possible to achieve this or not.
I have parsed log information via Logstash into Elasticsearch, and the index was created. I want to extract specific data from my message; is there any way to achieve that? I know how to achieve this via the Logstash config, and I don't want to change the current Logstash config.
You can do this using scripted fields: https://www.elastic.co/guide/en/kibana/current/scripted-fields.html
However, it's highly recommended to use logstash for this, because scripted fields will be significantly slower. This is especially relevant when you are using them in filters.
For example: I have a message and I need to extract the user ID value in that message. Can I achieve that via the above method?
Yes, in the script you can access the current document and use things like regexes to extract things from another string field.
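A sketch of the kind of scripted field described in the answer above, added here as an example and not taken from the thread. It assumes the message is also indexed as a keyword sub-field named `message.keyword`, that the user ID appears in the log line as `user_id=<value>` (a constructed format), and that Painless regex support is enabled on the cluster (`script.painless.regex.enabled`).

```painless
// Kibana scripted field: language "painless", type "string".
// Assumed field name: message.keyword (scripted fields read doc values,
// which an analyzed text field does not have).
// Assumed log format: "... user_id=<value> ..." (constructed for this example).
def f = doc['message.keyword'];

// Documents without the field, or whose message was too long to be
// stored in the keyword sub-field, have no value: return an empty string
// instead of throwing and failing the whole search.
if (f.size() == 0) {
    return "";
}

// Capture only a conservative character set so stray log content
// is not pulled into the extracted value.
def m = /user_id=([A-Za-z0-9_.-]+)/.matcher(f.value);
if (m.find()) {
    return m.group(1);
}

// No user ID in this message.
return "";
```

The script runs for every document each time the field is displayed or filtered on, which is the performance cost the earlier reply warns about.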
Thanks a lot @flash1293, will work on it and let you know the status.