Hi ,
How can we created the scripted field(datetime) from "message" field. Please find the sample input
{
"_index": "abcd",
"_type": "doc",
"_id": "abcd",
"_version": 1,
"_score": null,
"_source": {
"@version": "1",
"@timestamp": "2019-02-12T06:55:09.182Z",
"message": "[INFO] SYSLOG->|datetime:20190212154454+0530|hostname:abcd|threadId:abcd(main)|userId:null"
}
You should really parse this out before you index it into Elasticsearch, e.g. using Logstash or an ingest node pipeline, as that will perform and scale much better.
I am using logstash file , but in that file we are having so many grok patterns (In our application we are having so many log statements , for each statement we are having one pattern) . Can we achieve this using scripted fields . Because if any new fields adding in logger level , we need to change the grok pattern , that is bit challenge for us , because we are having so many patterns.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.