I am a newbie to ES/Kibana/logstash and still getting my feet wet.
I could be missing something obvious but I haven't come across a way so far
to extract a field at search time i.e., without setting up a
grok{}/grep{}/similar filter in logstash. The grok{} filter is great for
an event format whose structure we know, but it isn't always practical to
set up filters for all interested fields ahead of time.
As an example, one of the events I am working on has the following format:
Trigger: LOGON Start Time: 2014-02-24T04:42:28 End Time:
2014-02-24T04:42:31 Duration: 2918ms.
I wanted to graph on the Duration value i.e., 2918 and would like to
extract it. I set up a grok{} filter and was able to extract it but given
that the extraction is index-time, only future events get the field
indexed.
I am wondering if someone knows a way/has a suggestion on how to:
- extract a field of interest at search time
- refresh an index when a new grok{} filter is added and a new field
extracted
Appreciate your help!
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/27edad95-a6f3-4729-ba05-6171a1ed6920%40googlegroups.com.
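The grok-style extraction the post asks about, as an added example that is not part of the post or of Logstash: a Python parser for the event format quoted above, whose regex mirrors a grok pattern such as `Trigger: %{WORD:trigger} ... Duration: %{NUMBER:duration_ms:int}ms` and produces the Duration as a number so it can be graphed. The sample lines are constructed.

```python
import re
from datetime import datetime
from typing import Optional

# Regex mirroring a grok pattern of the form
#   Trigger: %{WORD:trigger} Start Time: %{TIMESTAMP_ISO8601:start_time}
#   End Time: %{TIMESTAMP_ISO8601:end_time} Duration: %{NUMBER:duration_ms:int}ms
# Whitespace is matched loosely (\s+) because the quoted event wraps across lines.
EVENT_RE = re.compile(
    r"Trigger:\s+(?P<trigger>\w+)\s+"
    r"Start\s+Time:\s+(?P<start_time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+"
    r"End\s+Time:\s+(?P<end_time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+"
    r"Duration:\s+(?P<duration_ms>\d+)ms\.?"
)


def parse_event(message: str) -> Optional[dict]:
    """Extract typed fields from one event; return None if the line does not match."""
    m = EVENT_RE.search(message)
    if not m:
        return None
    start = datetime.strptime(m["start_time"], "%Y-%m-%dT%H:%M:%S")
    end = datetime.strptime(m["end_time"], "%Y-%m-%dT%H:%M:%S")
    return {
        "trigger": m["trigger"],
        "start_time": start,
        "end_time": end,
        # int, not string, so the field can be aggregated and graphed
        "duration_ms": int(m["duration_ms"]),
        # wall-clock span between the two timestamps, for sanity-checking Duration
        "wall_ms": int((end - start).total_seconds() * 1000),
    }


# Constructed sample messages: the event from the post, a second one, and a non-match.
SAMPLE_EVENTS = [
    "Trigger: LOGON Start Time: 2014-02-24T04:42:28 End Time:\n2014-02-24T04:42:31 Duration: 2918ms.",
    "Trigger: LOGOFF Start Time: 2014-02-24T05:10:00 End Time: 2014-02-24T05:10:00 Duration: 12ms.",
    "unrelated log line with no duration",
]


def durations(messages) -> list:
    """Return duration_ms for every message that parses, skipping the rest."""
    return [ev["duration_ms"] for ev in map(parse_event, messages) if ev]


if __name__ == "__main__":
    for msg in SAMPLE_EVENTS:
        print(parse_event(msg))
```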