Hello!
I am trying to separate in fields the useragent information, i've followed instructions from
Everything looks good, but when i check in kibana frontend, everything is still on same line, not separated as expected.
root@elastic-master /usr/share/elasticsearch # curl -X PUT -u elastic:************"192.168.56.202:9200/_ingest/pipeline/user_agent?pretty" -H 'Content-Type: application/json' -d'
{
"description" : "Add user agent information",
"processors" : [
{
"user_agent" : {
"field" : "agent"
}
}
]
}
'
{
"acknowledged" : true
}
root@elastic-master /usr/share/elasticsearch # curl -X PUT -u elastic:***************** "192.168.56.202:9200/my-index-000001/_doc/my_id?pipeline=user_agent&pretty" -H 'Content-Type: application/json' -d'
{
"agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
}
'
{
"_index" : "my-index-000001",
"_type" : "_doc",
"_id" : "my_id",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 89
}
root@elastic-master /usr/share/elasticsearch # curl -X GET -u elastic:************* "192.168.56.202:9200/my-index-000001/_doc/my_id?pretty"
{
"_index" : "my-index-000001",
"_type" : "_doc",
"_id" : "my_id",
"_version" : 1,
"_seq_no" : 0,
"_primary_term" : 89,
"found" : true,
"_source" : {
"agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
"user_agent" : {
"original" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
"os" : {
"name" : "Mac OS X",
"version" : "10.10.5",
"full" : "Mac OS X 10.10.5"
},
"name" : "Chrome",
"device" : {
"name" : "Mac"
},
"version" : "51.0.2704.103"
}
}
}
It works only on new index, but on existing it won't, or i am supposed to check tomorrow on new indicies?