I'm looking for messages with 'mydomain.tld' homepage address only.
Now i get this result:
where "path" is random uri
How to get below result without photoshop?
where "path" is random uri
The message field looks like an analyzed field so that is the proper result for your query.
Solution would be to parse the message field and create a new field that contains just the URL as a keyword field.
I did so in logstash, but I wanted to know if this could be done only by kibana
you could do a scripted field that parses the message field, but that's for debugging. For production purposes it will be slow.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.