Unable to create a new Field in Logstash ElasticSearch please help

Hello sir,

I really need help. I'm new to Elasticsearch and Kibana, but in recent days I have learnt to understand the terms used.
I have an index named "logstash-*" which receives logs constantly. My task is to filter, from all logs, those whose "message" field contains "Incoming Message", and save those results in another (new) field which should display those results.

My tries were:
1) Created a field named "incoming messages".
2) Enabled "Set value":
if(doc.containsKey('Incoming Message:.')) {
3) The result is NULL (blank) in the field.

I understand my script is wrong somewhere. My expectation is to check the "message" field, and if it contains the words "Incoming Message:" then those should be printed in my new field, so that if I select the new field I am able to view the filtered data rather than querying every time.

thanks a lot,
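
One way to get the field the post asks for is to populate it at ingest time in Logstash, testing the content of "message" (the doc.containsKey(...) call in the attempt above only checks whether a field with that name exists). This is an added example, not part of the original post; the field name "incoming_message" and the sample log lines are constructed assumptions.

```logstash
# Added example, not from the original post.
# The field name "incoming_message" and the sample lines are constructed.
input {
  # Constructed sample events so the pipeline runs offline.
  generator {
    lines => [
      "2024-01-01T10:00:00Z INFO Incoming Message: order 1001 received",
      "2024-01-01T10:00:01Z INFO Heartbeat ok",
      "2024-01-01T10:00:02Z WARN Incoming Message: order 1002 rejected"
    ]
    count => 1
  }
}

filter {
  # Substring test on the content of the "message" field,
  # not on the name of a field.
  if "Incoming Message:" in [message] {
    mutate {
      # Copy the matching line into the new field and tag the event.
      add_field => { "incoming_message" => "%{message}" }
      add_tag   => ["incoming_message"]
    }
  }
}

output {
  # Print each event so the new field is visible on matching lines only.
  stdout { codec => rubydebug }
}
```

Only events ingested after the filter is in place carry the new field. In Kibana, the query incoming_message:* then lists just those events.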
