Unable to parse "message" field using Filebeat

I am trying to parse the message field and store its value in a scripted field

return doc['message'].value;

But the above query gives an error (3 of 14 shards failed) when I click on Discover:

But the same query works fine for all other fields:

return doc['source'].value;

My actual message field is

message : 2018-12-21 02:31:31,792;INFO ;XSYD.;1;0;;GETCONFPRO;0;

I want to split by ; and get the timestamp.

I am very new to ELK. Can someone please suggest how to do that?

Can you please provide some more details about the shard failure message? In Discover, click Inspect. Then click the Response tab. Can you provide the contents of the response?

After clicking Discover,
in the page that opened I did right click -> inspect.
Got the Response tab in the Network tab

