...
To give an idea of the values of these two fields, our test lab shows the following variation for the fields ACTION and STATUS, respectively.
Data Requirements
...
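The following two Painless scripted fields need to be created against the index pattern "logstash-*".

| Field Name | Type | Description |
|---|---|---|
| flowStatus | string | Determines the flow status to be either Flow_Success or Flow_Failure based on STATUS info |
| RequestId_UUID | string | In the absence of RequestId, reports the UUID if available |

Script code for flowStatus:

```
// Uses regex matching (=~), so Painless regex support must be enabled in Elasticsearch.
if (doc.containsKey('STATUS.keyword') && !doc['STATUS.keyword'].empty) {
  if (doc.containsKey('ACTION.keyword')) {
    def status = doc['STATUS.keyword'].value;
    // NOTIFIED is reported as neither success nor failure.
    if (status =~ /NOTIFIED/) return null;
    // 20[0-9] assumes the original "20?" was meant as "20x": as a regex, "20?"
    // makes the 0 optional and matches any value containing a 2 (e.g. 502).
    if (status =~ /(20[0-9])|(DEPLOYED)|(_OK)/) return "Flow_Success";
    else if (status =~ /(40[0-9])|(50[0-9])|(ERROR)|(NOT_)/) return "Flow_Failure";
  }
}
return null;
```

Script code for RequestId_UUID:

```
// Prefer RequestId when this document has a value for it; otherwise fall back to UUID.
if (doc.containsKey('RequestId.keyword') && !doc['RequestId.keyword'].empty)
  return doc['RequestId.keyword'].value;
else if (doc.containsKey('UUID.keyword') && !doc['UUID.keyword'].empty)
  return doc['UUID.keyword'].value;
return null;
```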
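To check the flowStatus patterns against sample STATUS values before creating the scripted field, the logic can be mirrored in Python. This is an added example, not part of the original page: the sample documents are constructed, and it compares patterns in which `?` acts as a regex quantifier (`20?`) with patterns that use a digit class (`20[0-9]`), assuming three-digit status codes are the intended match.

```python
import re

# '?' as a regex quantifier: "20?" means "2, optionally followed by 0".
LOOSE_OK = re.compile(r"(20?)|(DEPLOYED)|(_OK)")
LOOSE_FAIL = re.compile(r"(40?)|(50?)|(ERROR)|(NOT_)")
# Assumption: the intended match is a three-digit code (20x, 40x, 50x).
STRICT_OK = re.compile(r"(20[0-9])|(DEPLOYED)|(_OK)")
STRICT_FAIL = re.compile(r"(40[0-9])|(50[0-9])|(ERROR)|(NOT_)")


def flow_status(doc, ok, fail):
    """Mirror of the flowStatus scripted field; doc is a dict of field values."""
    status = doc.get("STATUS")
    if not status or "ACTION" not in doc:
        return None
    if re.search(r"NOTIFIED", status):  # neither success nor failure
        return None
    if ok.search(status):  # search() is unanchored, like Painless =~
        return "Flow_Success"
    if fail.search(status):
        return "Flow_Failure"
    return None


def compare(docs):
    """Return (STATUS, loose result, strict result) where the two disagree."""
    diffs = []
    for doc in docs:
        loose = flow_status(doc, LOOSE_OK, LOOSE_FAIL)
        strict = flow_status(doc, STRICT_OK, STRICT_FAIL)
        if loose != strict:
            diffs.append((doc.get("STATUS"), loose, strict))
    return diffs


# Constructed sample documents (not taken from the test lab).
SAMPLES = [
    {"ACTION": "DEPLOY", "STATUS": "200"},
    {"ACTION": "DEPLOY", "STATUS": "DEPLOYED"},
    {"ACTION": "DEPLOY", "STATUS": "404"},
    {"ACTION": "DEPLOY", "STATUS": "502"},
    {"ACTION": "DEPLOY", "STATUS": "NOT_FOUND"},
    {"ACTION": "DEPLOY", "STATUS": "NOTIFIED"},
    {"STATUS": "200"},  # no ACTION field
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Any row returned by `compare` is a STATUS value that a dashboard would count differently under the two readings of the pattern.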
Import Kibana Object
In the Kibana web interface, import this object file (JSON) under Management → Saved Objects → Import.
...