diff --git a/docs/reference/scripting.asciidoc b/docs/reference/scripting.asciidoc index 37373d5c5443..170d01512cac 100644 --- a/docs/reference/scripting.asciidoc +++ b/docs/reference/scripting.asciidoc @@ -53,6 +53,8 @@ include::scripting/painless.asciidoc[] include::scripting/using.asciidoc[] +include::scripting/common-script-uses.asciidoc[] + include::scripting/fields.asciidoc[] include::scripting/security.asciidoc[] diff --git a/docs/reference/scripting/common-script-uses.asciidoc b/docs/reference/scripting/common-script-uses.asciidoc index 0c07cfcd1005..93627cd2f54b 100644 --- a/docs/reference/scripting/common-script-uses.asciidoc +++ b/docs/reference/scripting/common-script-uses.asciidoc @@ -1,12 +1,14 @@ [[common-script-uses]] -=== Common scripting use cases +== Common scripting use cases You can write a script to do almost anything, and sometimes, that's the trouble. It's challenging to know what's possible with scripts, so the following examples address common uses cases where scripts are really helpful. +* <> + [[scripting-field-extraction]] -==== Field extraction +=== Field extraction The goal of field extraction is simple; you have fields in your data with a bunch of information, but you only want to extract pieces and parts. @@ -73,7 +75,7 @@ POST /my-index/_bulk?refresh [discrete] [[field-extraction-ip]] -===== Extract an IP address from a log message (Grok) +==== Extract an IP address from a log message (Grok) If you want to retrieve results that include `clientip`, you can add that field as a runtime field in the mapping. The following runtime script defines a grok pattern that extracts structured fields out of the `message` field. diff --git a/docs/reference/scripting/using.asciidoc b/docs/reference/scripting/using.asciidoc index e235dcb210aa..8c3c372032d8 100644 --- a/docs/reference/scripting/using.asciidoc +++ b/docs/reference/scripting/using.asciidoc @@ -566,4 +566,3 @@ DELETE /_ingest/pipeline/my_test_scores_pipeline //// -include::common-script-uses.asciidoc[]