Reputation: 753
Calculated fields in elastic search index pattern
I am parsing log files at regular intervals into my ELK system. I am able to parse the files successfully and display the data in Kibana dashboard.
Currently, my data is of the following format "total" : 7080 "approved" : 1001 "pending" : 6079
This data is successfully showing in Kibana dashboard. However, I want to show the values as percentages, like as follows "total" : 7080 "approved-perct" : 14.14% "pending-perct" : 86.86%
Is there any way to add two new fields, approved-perct, and pending-perct to my index pattern?
I am using logstash to parse my log files and send them to elastic search. In my logstash configuration I am using grok filters to get the data in my required format. Kibana version : 7.3.1
I tried going over the following tutorials, but I cannot get any fruitful result https://www.elastic.co/guide/en/elasticsearch/reference/6.4/dynamic-templates.html https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-percentile-aggregation.html https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html
Upvotes: 1
Views: 2586
Answers (1)
Reputation: 753
I got exactly what I wanted in these links https://www.elastic.co/guide/en/elasticsearch/reference/7.3/search-request-body.html#request-body-search-script-fields
https://www.youtube.com/watch?v=BhmpDtS7g28
Upvotes: 1
Related Questions
- Elasticsearch - How to index a calculated field?
- How to create index pattern for Kibana?
- Displaying calculated fields in Kibana 4
- Compute value on the fly with elasticsearch
- Elasticsearch + Logstash: How to add a fields based on existing data at importing time
- Add math to metrics in kibana
- Kibana Visualization based on multiple fields
- Kibana : count on many fields
- Logstash Filter on Specific Values
- Kibana: Duration between logs and Calculated fields