I would like to create a visualisation on Kibana that aggregate documents by a specific field. However the existing field (lets call it interaction_name) is built as follow :
Name_Interaction | Number
I want to create a new field that contains only the Name_Interaction (delete "| Number") to allow the aggregation by this new field.
How can I do that, without creating the field in my database? Is there a function regexp that I can implement in the Console and update the index ?
There's a couple of possible solutions for your issue. But I think it depends on if you're still loading additional data for this index (or index pattern in Kibana).
If you're not loading additional data, I think you can add a field and re-index the existing data and use a script to split the interaction_name field into it's own name_interaction field. You would have to run this every time more data was loaded.
If you're loading additional data, you would probably want to change the process loading the data into Elasticsearch to load name_interaction as a separate field.
And lastly, you could create a scripted field in Kibana to split out the data you want. Here's a blog post about that;
(look for the "Return substring" example).
I would probably try the Painless scripted field in Kibana first. If you decide to re-index data into Elasticsearch you might end up re-using the Painless script in that operation anyway.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.