Please help me to create a scripted field in Kibana?


(Vikas Gopal) #1

Hi Experts,

I want to create a scripted field in Kibana. The requirement is to show a count of all the logs which do not have the "catdt" field.

Let me explain it further: a few of my logs do not have the "catdt" field in them, so I need to count those logs.

So my plan is to create a scripted field, which I'll use with the count matrix.

Please help


(Vikas Gopal) #2

Something like {"constant_score" : { "filter" : {"bool" : {"must_not" : [{"exists":{"field":"catdt"}}]}}}} but how to write this in a scripted field, that is the challenge for me?


(Lee Drengenberg) #3

Hi,

I don't think scripted fields in Kibana can do things like aggregation. They can only manipulate the value in a field of a doc. Something like dividing bytes by 1024 to get k bytes.

But you can create a filter in Kibana to get logs that do not have "catdt".

Here's the test I did (on Kibana 4.4.1):

  1. I exported 1 day's logstash data (I used elasticdump)
  2. I changed that data to insert a new field like "newfield":9999
  3. I imported that data back in using elasticdump (there's probably an easier way with curl get and put or post)
  4. I went to the Kibana Settings tab, noted my field count was 85, refreshed my logstash-* index pattern, and noted the field count went up to 86.
  5. On the Discover tab, I changed my time range to only include that 1 date that had the modified doc with "newfield". This range had 128 hits.
  6. On the left field list, I clicked on "newfield". This expands the field to show 2 magnifying glasses with + and - in them.
  7. Click the - magnifying glass. Now I have 127 hits (all the ones that don't have my new "newfield").
  8. I can toggle that filter to + and now I get 1 hit.
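
Added example, not part of the original thread or written by its participants: the must_not/exists filter from post #2 expressed as a count request body, with a small local evaluator showing which documents Elasticsearch treats as lacking a field. The helper names and sample documents are constructed for illustration, and the evaluator only approximates `exists` semantics for a top-level field.

```python
import json


def missing_field_count_body(field):
    """Request body for POST <index>/_count: documents where `field` does not exist."""
    return {"query": {"bool": {"must_not": [{"exists": {"field": field}}]}}}


def field_exists(doc, field):
    """Approximate Elasticsearch `exists` semantics for a top-level field.

    Absent, null, [] and [null] count as missing; "" and 0 count as present.
    """
    if field not in doc:
        return False
    value = doc[field]
    values = value if isinstance(value, list) else [value]
    return any(v is not None for v in values)


def count_missing(docs, field):
    """Count the documents the must_not/exists filter would match."""
    return sum(1 for doc in docs if not field_exists(doc, field))


# Constructed sample documents (not real log data).
SAMPLE_DOCS = [
    {"message": "a", "catdt": "Firewall"},  # present
    {"message": "b"},                       # absent: counted
    {"message": "c", "catdt": None},        # null: counted
    {"message": "d", "catdt": []},          # empty array: counted
    {"message": "e", "catdt": ""},          # empty string: present
]

if __name__ == "__main__":
    print(json.dumps(missing_field_count_body("catdt")))
    print(count_missing(SAMPLE_DOCS, "catdt"))
```

In the Kibana query bar, the Lucene form `NOT _exists_:catdt` expresses the same filter, and the hit count on Discover or a Count metric then gives the number of such logs.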
