Hello, I have been using Kibana for a couple days for now and i've ran into an issue with handling a JSON field that gets interptreted as a string somehow. Here is a peek into usual logs:
I can't visualize on any of the sub-fields nor process it any further.
What should i do about it ? Is it possible to solve it using pure Kibana features ? Do i need to install a plugin or tamper with whole efk stack ? Or should I rather fix the data at its source (this solution isn't preferrable due to security issues) ?
As suggested here, you'd better properly re-ingest your data so that log field is indexed as an object, not as a string.
If it's something out of your control and you need to extract just some fraction of the data from log field you can create a scripted field and use Painless API to extract the data you need. Painless doesn't support any specific JSON functionality, but you can use String functions like indexOf and substring to extract pieces you're interested in.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
