diff --git a/docs/reference/scripting.asciidoc b/docs/reference/scripting.asciidoc index 37373d5c54434..170d01512cacc 100644 --- a/docs/reference/scripting.asciidoc +++ b/docs/reference/scripting.asciidoc @@ -53,6 +53,8 @@ include::scripting/painless.asciidoc[] include::scripting/using.asciidoc[] +include::scripting/common-script-uses.asciidoc[] + include::scripting/fields.asciidoc[] include::scripting/security.asciidoc[] diff --git a/docs/reference/scripting/common-script-uses.asciidoc b/docs/reference/scripting/common-script-uses.asciidoc index b5269276fc5ac..0b78115cc2637 100644 --- a/docs/reference/scripting/common-script-uses.asciidoc +++ b/docs/reference/scripting/common-script-uses.asciidoc @@ -1,12 +1,14 @@ [[common-script-uses]] -=== Common scripting use cases +== Common scripting use cases You can write a script to do almost anything, and sometimes, that's the trouble. It's challenging to know what's possible with scripts, so the following examples address common uses cases where scripts are really helpful. +* <> + [[scripting-field-extraction]] -==== Field extraction +=== Field extraction The goal of field extraction is simple; you have fields in your data with a bunch of information, but you only want to extract pieces and parts. @@ -73,7 +75,7 @@ POST /my-index/_bulk?refresh [discrete] [[field-extraction-ip]] -===== Extract an IP address from a log message (Grok) +==== Extract an IP address from a log message (Grok) If you want to retrieve results that include `clientip`, you can add that field as a runtime field in the mapping. The following runtime script defines a grok pattern that extracts structured fields out of the `message` field. diff --git a/docs/reference/scripting/using.asciidoc b/docs/reference/scripting/using.asciidoc index e235dcb210aa9..8c3c372032d80 100644 --- a/docs/reference/scripting/using.asciidoc +++ b/docs/reference/scripting/using.asciidoc @@ -566,4 +566,3 @@ DELETE /_ingest/pipeline/my_test_scores_pipeline //// -include::common-script-uses.asciidoc[]