Hi guys,
I would like to know if there is a way to apply grok filter on a message to obtain several fields and then apply one more time grok filter to extract a subset of information from a field.
currently, collecting the ES slowlog data I'm creating the field query that contains the query executed on ES.
I would like to process one more time my query field to extract another value. is it possible?
regards
Yes, if you extract a field called query using grok you can have a second grok after that that parses [query] into other fields.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.