Created
May 26, 2021 05:01
-
-
Save pmuellr/2211371877feaac0081f1182df484e30 to your computer and use it in GitHub Desktop.
Kibana runtime field for saved object ids in the .kibana-event-log indices
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // runtime field definition to add to .kibana-event-log index patterns | |
| // I name the field `soid`, which will have either alert or action ids, or both | |
| // prefixed by their type. Useful for Discover and Lens. | |
| // For Kibana >= 7.13.0 | |
| def savedObjects = params._source["kibana"]["saved_objects"]; | |
| if (savedObjects.length > 0) { | |
| emit(savedObjects[0]["type"] + ":" + savedObjects[0]["id"]); | |
| } | |
| if (savedObjects.length > 1) { | |
| emit(savedObjects[1]["type"] + ":" + savedObjects[1]["id"]); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment