...
The following two painless scripted fields need to be created against the index pattern "logstash-*".
| Field Name | Type | Script code | Description |
|---|---|---|---|
| flowStatus | string | if (doc.containsKey('STATUS.keyword') && !doc['STATUS.keyword'].empty) { if (doc.containsKey('ACTION.keyword')) { if (doc['STATUS.keyword'].value =~ /NOTIFIED/) return null; if (doc['STATUS.keyword'].value =~ /(20?)|(DEPLOYED)|(_OK)/) return "Flow_Success"; else if (doc['STATUS.keyword'].value =~ /(40?)|(50?)|(ERROR)|(NOT_)/) return "Flow_Failure"; } } return null; | Determines the flow status to be either Flow_Success or Flow_Failure based on STATUS info |
| RequestId_UUID | string | if (doc.containsKey('RequestId.keyword')) return doc['RequestId.keyword'].value; else if (doc.containsKey('UUID.keyword')) return doc['UUID.keyword'].value; | In the absence of RequestId, reports the UUID if available |
...