github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-25 15:47:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Swap event.original for message

Browse source
This commit is contained in:
James Rodewig 2021-04-06 06:51:58 -04:00
parent 17e3971f57
commit 07e9c6aca4
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/reference/how-to/use-elasticsearch-for-time-series-data.asciidoc
View file

@ -111,7 +111,7 @@ GET my-data-stream/_search
"source.ip": { "source.ip": {
"type": "ip", "type": "ip",
"script": """ "script": """
String sourceip=grok('%{IPORHOST:sourceip} .*').extract(doc[ "event.original" ].value)?.sourceip; String sourceip=grok('%{IPORHOST:sourceip} .*').extract(doc[ "message" ].value)?.sourceip;
if (sourceip != null) emit(sourceip); if (sourceip != null) emit(sourceip);
""" """
} }
@ -168,7 +168,7 @@ POST my-data-stream/_async_search
"source.ip": { "source.ip": {
"type": "ip", "type": "ip",
"script": """ "script": """
String sourceip=grok('%{IPORHOST:sourceip} .*').extract(doc[ "event.original" ].value)?.sourceip; String sourceip=grok('%{IPORHOST:sourceip} .*').extract(doc[ "message" ].value)?.sourceip;
if (sourceip != null) emit(sourceip); if (sourceip != null) emit(sourceip);
""" """
} }