I defined a scripted field that separates the IP address from a message and, between two IPs, selects one of them. This field really decreases my performance, and when I want to see a visualization over 7 days, it shows a timeout error and doesn't refresh.
Of course I increased the timeout variable from 30000 to 800000, but it didn't solve my problem.
My Elastic and Kibana servers are single node.
It's such an emergency. Please help.
Doing complex parsing at query time can be expensive, so I would recommend performing this processing at ingest time and storing the IP address in a separate field.
Thanks for your reply.
But how can I do it at ingest time?
Parse it out before you index the data, e.g. using Logstash or an ingest node pipeline. It all depends on how you are currently indexing data into Elasticsearch.
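One way to do what the reply above describes, written as an ingest pipeline body for `PUT _ingest/pipeline/<name>` (an added example, not posted by anyone in the thread). The field names `message`, `first_ip`, `second_ip`, `selected_ip` and `ip_parse_error`, and the rule of keeping the second address when two are present, are assumptions, since the thread does not show the log format or the selection rule.

```json
{
  "description": "Added example, not from the thread: extract IPs from 'message' at ingest time. Field names and the keep-the-second-IP rule are assumptions.",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{IP:first_ip}.*?%{IP:second_ip}",
          "%{IP:first_ip}"
        ]
      }
    },
    {
      "set": {
        "if": "ctx.second_ip != null",
        "field": "selected_ip",
        "value": "{{second_ip}}"
      }
    },
    {
      "set": {
        "if": "ctx.second_ip == null",
        "field": "selected_ip",
        "value": "{{first_ip}}"
      }
    },
    {
      "remove": {
        "field": ["first_ip", "second_ip"],
        "ignore_missing": true
      }
    }
  ],
  "on_failure": [
    {
      "set": {
        "field": "ip_parse_error",
        "value": "{{ _ingest.on_failure_message }}"
      }
    }
  ]
}
```

Map `selected_ip` as type `ip` in the index mapping and attach the pipeline with the `pipeline` request parameter or the `index.default_pipeline` index setting, then point the visualization at the stored field instead of the scripted one. Documents whose message contains no IP are still indexed, with the reason recorded in `ip_parse_error`.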