Re: Returning partial strings in Kibana visualisation
{"script": "_value.substring(0,8)"} works for you, needing groovy sandbox enabled.

On Wednesday, April 29, 2015 at 9:39:33 PM UTC+8, Stuart Kenworthy wrote:
> I have a number of different load injector boxes and processes that
> generate load through our system under test. The tool in use produces
> masses of logs out but none of it is easily accessible or readable. I am
> therefore using ELK to process the loads with success, however, presenting
> some of the data is problematic.
>
> The process names have a structure of:
>
> __Stress_Thread_
>
> but there are around 180 of them. Each process thread generates 1 of 11
> different message types. The message types are only distinguishable using a
> 10 character substring within a field containing strings and semi_colon
> delimited text and generally in the same location (between character 60 and
> character 70).
>
> In elasticsearch none of these fields are analysed as this makes the
> queries and results even messier in Kibana and poses the same problem when
> choosing analysed elements of a field (only picking element 1&2 or 10-12).
>
> When aggregation is done on either of these fields, "message type" is
> presented as the long string in the visualisation key with only the first
> 10-15 characters showing, and "process name" results in all 180 processes
> rather than the 7 process types.
>
> These processes are likely to change over time as we introduce new test
> scenarios and message types so I do not want to hard code them in just in
> case we miss something.
>
> Is it possible to have elasticsearch return substrings, partials, lefts,
> rights etc of a field and group them as such rather than the entire field
> content so all _a are grouped together and *A* are
> grouped together? Ideally without code edits to either elastic or kibana?
> Something in JSON Input such as { "field_length": 10 } or {
> "partial_start": 60, "partial_for": 15 } would suffice.
>
> This is akin to renaming keys, columns and rows.
>
> Thanks

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/266c13a5-6a95-4aea-bd3e-1e7edf6eb977%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Is it possible to rename a field in ES?
Or can I add an alias for 'foo'?

On Saturday, September 17, 2011 at 5:59:11 AM UTC+8, kimchy wrote:
> Yes, once a field is set, there is no way to rename it.
>
> On Fri, Sep 16, 2011 at 10:16 PM, Dan Young wrote:
>
>> I believe you'll need to reindex.
>>
>> On Fri, Sep 16, 2011 at 1:13 PM, datadev wrote:
>>
>>> Suppose I create an index X with type Y and add 100,000 documents
>>> containing a field 'foo'.
>>>
>>> Is there a command I can use to atomically rename the field name from
>>> 'foo' to 'bar', or would I have to reindex all 100,000 documents with the
>>> new field name?
>>>
>>> Thanks.

Re: SQL to query data from ElasticSearch
https://github.com/NLPchina/elasticsearch-sql/

This should be your choice I believe.

On Wednesday, December 26, 2012 at 8:56:03 PM UTC+8, Vaidik Kapoor wrote:
> Hi,
>
> I am looking for a solution to query data indexed in ElasticSearch using
> SQL-like language instead of the ElasticSearch REST API. The solution may
> be something built on top of the REST API but what I really need is
> just an interface to query data using SQL or something close to SQL without
> having all the features of it.
>
> The reason why I want something like this is because I am working on a
> project wherein I need to expose querying data from ElasticSearch to a very
> small subset of users, who are developers. Since they are developers, SQL
> comes more naturally to them and working with it is rather easy as compared
> to learning a new interface for querying data.
>
> Thanks,
> Vaidik