Parsing fields containing JSON


(Sunil Saini) #1

Hi,

I am using Kibana 4.
I have one field that contains a message in JSON format (highlighted in yellow in the image).
Field: args = {"orderRequest":{"DeptId":83,"ClassId":4,"ItemId":2478,"StoreType":"ST"}}
What I am looking for is: is there a way in Kibana to query something like:
Show me all distinct DeptId?

DeptId is not a field in Elastic. It is part of the JSON content in the args field.


(Jim Unger) #2

What does the mapping look like for your index?


(Sunil Saini) #3

I am not sure what you mean by mapping for index?
I am using nxlog as the forwarder on clients, and while sending the logs I am extracting the fields through a regex.
"args" is one of the fields extracted from the log message.

All I am trying to do is create a visualization that would look like:
[image]

Since DeptId is not a field, this may not be possible, I guess. But can I do run-time extraction from a JSON field?
For example, Splunk has a quick and easy way: all I have to do is add "| spath input=args" to the search query and the job is done.

