hi,
i want make three new field that capture alert, source address and destination address from message field. anyone can help me how to do it. i have try using runtime field, but i cannot extract the value from the message using emit(doc['message'].value) and getting match_only_text fields do not support sorting and aggregations error.
Does the message.keyword field exist on your dataset? You can try using that to fix the error.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
