Discuss the Elastic Stack

Can elsastic search a logfile and pull users from that file

Elastic Stack Elasticsearch

nickdot (Nick) April 14, 2016, 3:07pm 1

Hello,

I'm new to Elastic/Logstash/kibana. I was wondering if I could actually do a search of a log file and pull out particular information and then output it to kibana graphically or within a table.

Here is the message that I'm trying to parse:

"logmessage": "Accepted a login request from a client. Client = xxx.xxx.xxx.xx:xxxxx, Username = xxxxx"

I'm actually trying to display any time someone logs in but I just need the "Username = xxxx", portion.

Is that possible?

I'm trying to think if I can do this with grok, but I cant find any examples.

nickdot (Nick) April 14, 2016, 4:26pm 2

Here is my example to work of what I came up with:

if "Accepted a login request from a client" in [logmessage] {
grok {
match => ["logmessage", "Username = "]
}

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.