What is the recommended way to add a field after the log is collected into elasticsearch?
Situation is that lets say at first you are unsure which fields you want to use in the visualize but just want to collect logs. But after a while you find out the field you want to parse.
Of course amending logstash configuration is the best way but I am seeking any other efficient way to do it.
That is the best way.
You can add one via Console if you really want, but it's not efficient.
Is scripted field be the way from Console?
https://www.elastic.co/guide/en/kibana/current/console-kibana.html
Basically doing an update request on a document.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.