Using scripted fields in kibana to create a new field by parsing an existing message field

saikrishnagaddipati · January 23, 2018, 5:58am

Hi I am using Kibana 5.6.4,
I have two fields in the documents as below
message: The WMI Performance hostWiley 0 down
beat.hostname: hostWiley
I want to create scripted field in kibana which can parse the message field and create a new field called error: 0(i,e with the 5th value in the message field "0")
my below painless script is not giving the expected result, it just throws failing shards error. Is the below syntax correct?

m = /^(?:\S+\s){4}(\S+)/.matcher(doc['message'].value);
if (doc['beat.hostname'].value == hostWiley) { 
   return m
}

Nathan_Reese · January 24, 2018, 3:52pm

I would recommend pulling this data out at ingestion time with Logstash.

Nathan

system · February 21, 2018, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New scripted fields causes shards failed Kibana	4	1040	April 9, 2020
Scripted Field Error Kibana	11	2907	December 3, 2018
Can not create script field by using regex in kibana Kibana	3	1044	October 16, 2020
Kibana Scripted Fields (add fields) Kibana	6	3405	March 25, 2020
Scripted field in kibana (painless) Kibana	2	267	July 15, 2020

Using scripted fields in kibana to create a new field by parsing an existing message field

Related topics