I am looking at an unindexed field in my kibana. It has all the info wrapped up in a message and that message is not searchable. Is there any way I can parse that JSON formatted message and add fields into that particular log and visualize that log as per my requirement??
Here's the message :
{"number_of_backups": 1, "app_name": "premium_webex_v1__422996", "region": "PAM DOCTOR TO ADD THIS", "data_center": "DFW", "problem_type": "PAM_DOCTOR_MISSING_APP_FROM_appNameToHostNameMappingTable", "id": "premium_webex_v1__422996"}
In order to visualize this data, you'll need to reindex this JSON data as nested fields in your index. You may be able to get some useful visualizations by adding scripted fields but the performance will be bad if this data is of any significant size and you will be limited in what you can do with it.
Rather than using the built index to retrieve data, a scripted field will have to run the script for every document in the index on the fly. If you have many thousands of documents this will be much slower than actually indexing the data up front.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.