IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Kibana Guide [7.3] Management Managing Fields
« Numeric Field Formatters Managing Indices »

Scripted Fieldsedit

Scripted fields compute data on the fly from the data in your Elasticsearch indices. Scripted field data is shown on the Discover tab as part of the document data, and you can use scripted fields in your visualizations. Scripted field values are computed at query time so they aren’t indexed and cannot be searched using Kibana’s default query language. However they can be queried using Kibana’s new experimental query language. Scripted fields are also supported in the filter bar.

Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on Kibana’s performance. Keep in mind that there’s no built-in validation of a scripted field. If your scripts are buggy, you’ll get exceptions whenever you try to view the dynamically generated data.

When you define a scripted field in Kibana, you have a choice of the Lucene expressions or the Painless scripting language.

You can reference any single value numeric field in your expressions, for example:

doc['field_name'].value

For more background on scripted fields and additional examples, refer to this blog: Using Painless in Kibana scripted fields

Creating a Scripted Fieldedit

To create a scripted field:

  1. Go to Management > Kibana > Index Patterns
  2. Select the index pattern you want to add a scripted field to.
  3. Go to the pattern’s Scripted fields tab.
  4. Click Add scripted field.
  5. Enter a name for the scripted field.
  6. Enter the expression that you want to use to compute a value on the fly from your index data.
  7. Click Create field.

For more information about scripted fields in Elasticsearch, see Scripting.

Updating a Scripted Fieldedit

To modify a scripted field:

  1. Go to Management > Kibana > Index Patterns
  2. Click the index pattern’s Scripted fields tab.
  3. Click the Edit button for the scripted field you want to change.
  4. Make your changes and then click Save field to update the field.

Keep in mind that there’s no built-in validation of a scripted field. If your scripts are buggy, you’ll get exceptions whenever you try to view the dynamically generated data.

Deleting a Scripted Fieldedit

To delete a scripted field:

  1. Go to Management > Kibana > Index Patterns
  2. Click the index pattern’s Scripted fields tab.
  3. Click the Delete button for the scripted field you want to remove.
  4. Click Delete in the confirmation window.
« Numeric Field Formatters Managing Indices »