All,
I have a JSON log coming in from Akamai. 99% of searches against this data are using the field "**cliIP**":"1.2.3.4". Mind you, it's a dump from a cloud service, so there is no **host** field right now.
Given that, it stands to reason that we should give that field some sort of priority in the index. My understanding is that an index-time extraction is a solution for this?
1) Thoughts on that?
2) How would I build an index-time extraction against JSON? Worried there is some special option I'll miss.