I am trying to define a new scripted index field that will check if a index field starts with a certain value. If so then a certain string value is returned.
if ( doc['request'].value starts with "/MyApp/" ) return "MyApp";
else if ( doc['request'].value starts with "/AnotherApp/" ) return "AnotherApp";
The doc['request'] field is actually the request from an Apache HTTP log. The first portion is always going to be the application name.
In the end, I am trying to determine which application is used the most and with a scripted field like this I should be able to make such a visualization.