Slashes in a JSON field - can't visualize on sub-fields

Patryk_Miszczak · August 17, 2018, 11:59am

Hello, I have been using Kibana for a couple days for now and i've ran into an issue with handling a JSON field that gets interptreted as a string somehow. Here is a peek into usual logs:

The log field should work as a JSON-field, but when you look ath the raw data it is littered with backslashes from previous sources:

I can't visualize on any of the sub-fields nor process it any further.

What should i do about it ? Is it possible to solve it using pure Kibana features ? Do i need to install a plugin or tamper with whole efk stack ? Or should I rather fix the data at its source (this solution isn't preferrable due to security issues) ?

azasypkin · August 17, 2018, 12:23pm

Hi @Patryk_Miszczak,

As suggested here, you'd better properly re-ingest your data so that log field is indexed as an object, not as a string.

If it's something out of your control and you need to extract just some fraction of the data from log field you can create a scripted field and use Painless API to extract the data you need. Painless doesn't support any specific JSON functionality, but you can use String functions like indexOf and substring to extract pieces you're interested in.

Thanks,
Oleg

Topic		Replies	Views
Kibana - Split Json field shows as one long string Kibana	2	703	February 16, 2020
How to remove backslash from weird formatted json Logstash	5	5389	August 18, 2021
Unable to see the Json data as fields in kibana Kibana	5	1327	July 25, 2018
如何去掉kibana显示中json中的\ Logstash	1	333	October 20, 2021
Kibana displays JSON field with "?" in front, but its searchable and acts like seperate fields Kibana	3	335	July 26, 2019

Slashes in a JSON field - can't visualize on sub-fields

Related topics