Practitioner Level

Define Scripted Fields in Kibana 7.6

Pricing
2 hours
  • 3 Learning Objectives

About this Hands-on Lab

With scripted fields in Kibana, we can create new fields not originally indexed in Elasticsearch that are computed at query time and added as a new field to the resulting documents. In this hands-on lab, we will explore the capabilities of scripted fields in Kibana by creating and visualizing some of our own.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create and Save the kilobytes Scripted Field for the Logs Index Pattern
  1. Create a new scripted field called kilobytes for the logs index pattern.
  2. Divide the value of the bytes field by 1024 to calculate the value for the scripted field.
  3. Save the field.
Create and Save the flight Scripted Field for the Flights Index Pattern
  1. Create a new scripted field called flight for the flights index pattern.
  2. Concatenate a combination of static strings and the fields FlightNum, OriginAirportID, and DestAirportID to produce values that look like Flight FlightNum: OriginAirportID to DestAirportID (for example: Flight 3CG21F9: EZE to SHA).
  3. Save the field.
Create and Save the system.memory.buffercache.pct Scripted Field for the metricbeat-* Index Pattern
  1. Create a new scripted field called system.memory.buffercache.pct for the metricbeat-* index pattern.
  2. Subtract the value of system.memory.actual.used.pct from system.memory.used.pct only if both fields do not have a size of 0 (otherwise known as a null value).
  3. Format the scripted field as a percentage number.
  4. Save the field.
Contact SalesSee Pricing

Additional Resources

You work as a data visualization specialist for a data analysis company. You've been tasked with creating the following scripted fields in Kibana in order to create new visualizations as requested by a number of your clients:

kilobytes

  • Create a new scripted field called kilobytes for the logs index pattern.
  • Divide the value of the bytes field by 1024 to calculate the value for the scripted field.

flight

  • Create a new scripted field called flight for the flights index pattern.
  • Concatenate a combination of static strings and the fields FlightNum, OriginAirportID, and DestAirportID to produce values that look like Flight FlightNum: OriginAirportID to DestAirportID (for example: Flight 3CG21F9: EZE to SHA)

system.memory.buffercache.pct

  • Create a new scripted field called system.memory.buffercache.pct for the metricbeat-* index pattern.
  • Subtract the value of system.memory.actual.used.pct from system.memory.used.pct only if both fields do not have a size of 0 (otherwise known as a null value).
  • Format the scripted field as a percentage number.

Your lab node has a Kibana instance which can be accessed in your local web browser by navigating to the public IP address of the lab node over port 8080 (example: http://public_ip:8080). To log in, use the elastic user with the password elastic_acg.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization