Parse a Json Field in a visualization

I have a large group of data in Kibana that takes the form of below:

// C:\Users*\AppData\Local\FluxSoftware\Flux\flux.exe
// C:\Users*\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Where * is a username. I would like to track the count of each of these files based on the hostnames associated (in the same log) and return all files (not including path, so "flux.exe" or "OneDriveStandaloneUpdater.exe") that are found on 3 or less unique hosts.

The issue I am having is determining a way to filter C:\Users*\AppData\Local\FluxSoftware\Flux\flux.exe down to "flux.exe" to be able to create a visualization on it. Is there a good way to do this inside of kibana?

You could try to create a scripted field to extract the the path but the better solution is to exact the path during ingest.

Hello Nathan,

Thank you for the quick response. After reading about Scripted fields it appears that it is only used for Computational data and doesn't allow me to split a field (essentially). Allowing data to be manipulated inside of Kibana seems like it would be a pretty common use case.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Looks like @Nathan_Reese missed you're response. Actually scripted fields using the painless scripting language can parse and manipulate strings. If you still need help with it let me know.

Regards,
Lee

There's actually a similar example if getting the last \ in a path here;