Unable to get the timed value from log line or scripted fields on kibana elastic

Hi,

I am using ELK version 6.1.1 within my Ubuntu 16.04 LTS. The client side of this is for gathering analytics by graph and is already present in the Angular 4 framework. All the analytical graph visualizations are coming from embedded iframes which change dynamically whenever the duration is changed. I am sending the time duration string inside the iframe graph URLs to get the updated graphs according to the duration.

Problem Statement: I have some scripted fields which perform some calculations on the fields obtained from the log line. Now, while creating visualizations according to a duration, say 6 months from now, I would need the value of the scripted field which belongs to the start time of the selected duration, i.e. of the date-time which is 6 months from now. Further, using this scripted value (of a particular time) and the sum of other scripted fields, the visualization would be complete. Thus the visualization should get updated according to the selected duration, i.e. one day, 1 week, 1 month, 6 months, etc.

Can anyone please suggest any way of getting the scripted field value which belongs to a specific time and use it in my Kibana visualizations?

Thanks.

What if you compute the fields at index time instead of using scripts at search time?

Sorry if I am sounding too vague, but I am not clear about the index time that you are referring to. Can you please explain it briefly?

Instead of indexing a document which does not contain all the fields you need, you can modify your document before indexing it to add the missing fields.
You can use a script processor (look for Ingest script processor in the documentation).

This will then be much faster but will also give you much more flexibility to do your queries.
