Add grok patterns on unformatted message in Kibana visualization

vee · January 3, 2022, 7:44pm

Hi there, am trying to create a "metric visualization" to show the count of the "number of instances matching a text pattern", but do not see that field within the list of eligible fields when trying to use.
From the mapping, I do see it's a "text" field. Can we use grok filters on a field (say, log message) within a Kibana visualization? Or can they be used only within logstash to ingest data into elastic?

Here's what I mean:

Each document ingested into Elastic contains a text field called "log" with "SQLException" (somewhere within certain documents).

I am looking for a way to dashboard the total number of occurrences of "SQLException" in the text field called "log".

Thanks!

seanziee · January 3, 2022, 10:11pm

Not sure if I understand your question, but if you want to visualize a field, it must be of the type keyword. If it's not, it won't appear on the terms aggregation for a visual.

You cannot "grok" within kibana, that must be done before in logstash or in an ingest pipeline. But you can use the filters aggregation where you can have the data split by fieldA:instanceA* and fieldA:instanceB* for example.

system · January 31, 2022, 10:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to create visualization Kibana	9	458	August 22, 2019
Count occurences of a field excludig a pattern Kibana	5	1484	July 6, 2017
Logstash Filters Logstash	8	736	July 6, 2017
How can I filter certain information from the logs? Kibana	8	457	December 6, 2023
Visualizing fields extracted from logs Kibana	4	1714	July 6, 2017

Add grok patterns on unformatted message in Kibana visualization

Related topics