Add grok patterns on unformatted message in Kibana visualization

Hi there, I am trying to create a "metric visualization" to show the count of the "number of instances matching a text pattern", but I do not see that field within the list of eligible fields when trying to use it.
From the mapping, I do see it's a "text" field. Can we use grok filters on a field (say, log message) within a Kibana visualization? Or can they be used only within Logstash to ingest data into Elastic?

Here's what I mean:

Each document ingested into Elastic contains a text field called "log" with "SQLException" (somewhere within certain documents).

I am looking for a way to dashboard the total number of occurrences of "SQLException" in the text field called "log".

Thanks!

Not sure if I understand your question, but if you want to visualize a field, it must be of the type keyword. If it's not, it won't appear on the terms aggregation for a visual.

You cannot "grok" within Kibana; that must be done before, in Logstash or in an ingest pipeline. But you can use the filters aggregation, where you can have the data split by fieldA:instanceA* and fieldA:instanceB*, for example.
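
The two routes mentioned in the reply above, written out as Kibana Dev Tools requests. This is an added example, not part of the original thread: the pipeline name `tag-sqlexception`, the index pattern `my-logs-*`, the extracted field `exception_class` and the sample log lines are assumptions made for illustration.

```console
# Pipeline name, index pattern and field name below are placeholders.
# 1. Ingest pipeline: grok the "log" text field and copy any *SQLException
#    class name into its own field. Documents without a match pass through
#    unchanged because failures are ignored.
PUT _ingest/pipeline/tag-sqlexception
{
  "description": "Extract SQLException class names from the log field",
  "processors": [
    {
      "grok": {
        "field": "log",
        "patterns": ["(?<exception_class>[A-Za-z0-9_.]*SQLException)"],
        "ignore_missing": true,
        "ignore_failure": true
      }
    }
  ]
}

# 2. Dry-run the pipeline against constructed sample documents.
POST _ingest/pipeline/tag-sqlexception/_simulate
{
  "docs": [
    { "_source": { "log": "ERROR db-worker java.sql.SQLException: connection refused" } },
    { "_source": { "log": "INFO db-worker request completed in 12 ms" } }
  ]
}

# 3. Filters aggregation: one document count per named query, no hits returned.
#    "text_match" runs against the analyzed tokens of the text field, so its
#    result depends on that field's analyzer.
GET my-logs-*/_search
{
  "size": 0,
  "aggs": {
    "log_matches": {
      "filters": {
        "filters": {
          "tagged_at_ingest": { "exists": { "field": "exception_class" } },
          "text_match": { "match": { "log": "SQLException" } }
        }
      }
    }
  }
}
```

The pipeline only affects documents indexed after it is applied, for example through the `index.default_pipeline` index setting or the `pipeline` request parameter. Under default dynamic mapping the extracted value also gets an `exception_class.keyword` subfield, which is the type a Kibana terms aggregation can use.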
