I am new to ES. I have a log message coming and I want to extract some field:
{"msg":"Certificate is going to expire in 1088 Regenerate the same","days_left":1088}
I would like to check if the date is less than 60. Is there any way this can be handled using any regex query?
At first you need to save the day_left as a field in ES document and later you can use the range query in ES to check the condition
Will it not work without having it in the document? This whole json is coming in Kibana as part of only the log message. if I search for "days_left: 1088" I get the desired field. But the value will change tomorrow. So, I cannot hardcode my search string.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.