I am using Kibana 4.
I have one field that contains a message in JSON format (highlighted in yellow in the image).
Field: args = {"orderRequest":{"DeptId":83,"ClassId":4,"ItemId":2478,"StoreType":"ST"}}
What I am looking for: is there a way in Kibana to query something like:
Showing me all distinct DeptId?
DeptId is not a field in elastic. It is part of the json content in args field.
I am not sure what you mean by mapping for index?
I am using nxlog as a forwarder on clients, and while sending the logs I am extracting the fields through a regex.
"args" is one of the fields extracted from the log message.
All I am trying to do is create a visualization that would look like:
Since DeptId is not a field, this may not be possible, I guess. But can I do run-time extraction from a JSON field?
For example, Splunk has a quick and easy way: all I have to do is add "| spath input=args" to the search query and the job is done.