There's an index with (message) fields like:
selection xyz finished. elapsed_millis: 73, rows=4
selection shorter finished. elapsed_millis: 165, rows=454
selection another finished. elapsed_millis: 9999, rows=0
Is it possible to select the value after the 'elapsed_millis:' and store it in a new (number) field?
And the same question for the rows value.
Any help is welcome.
Take a look at the reindex API in combination with a pipeline that uses a grok processor to extract that value from the field into it's own field and thus making it searchable and storing it as a number.
hope this helps!
Thank you spinscale!
I've deleted the index and reloaded my data with a grok statements in the filter with success!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.