Create table visualization using regex matching groups

Hello,

I've spent a lot of time searching for an answer to this question, but have not found one. I'm writing Kibana queries to create table summaries of logs. The tl;dr is that I want to write a group-match regex for a value in Kibana, then summarize the matching groups.

Example:

YYYY-MM-DD HH:MM:SS secure pname[pid]: Something happened

Where I write a regex that tokenizes this line, allowing me to make a table counting every unique occurrence of pname.

How do I do this in Kibana?

Thanks!

Generally, things like this should be a step in ingestion of a document rather than after the fact. It might be possible to write a script or a specific query, but most situations like this are solved better using something like the ingest API or Logstash.

Do you have sufficient privileges to make these changes or do you only have access to Kibana?
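As an added illustration (not code from either poster), here is the tokenization the question asks for, written once as a Python regex with named groups and once as the equivalent grok pattern for an Elasticsearch ingest pipeline, which is the ingestion-time route the reply above points to. The `pname`/`pid`/`facility` field names, the regex, the grok pattern and the sample log lines are all assumptions constructed for this example; the `grok` and `append` processors and the `on_failure` handler are standard ingest-pipeline processors. The counting function emulates the "count per unique pname" table in memory, and shows what happens to lines that do not fit the pattern.

```python
import re
from collections import Counter

# Named-group regex for the line shape quoted in the question:
#   YYYY-MM-DD HH:MM:SS secure pname[pid]: Something happened
# (field names are this example's own choice)
LOG_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\S+) "
    r"(?P<pname>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"(?P<message>.*)$"
)

# The same tokenization as a grok pattern, usable in an ingest pipeline
# (or a Logstash grok filter). Assumed pattern, matching the example line only.
GROK_PATTERN = (
    r"%{TIMESTAMP_ISO8601:timestamp} %{WORD:facility} "
    r"%{DATA:pname}\[%{POSINT:pid}\]: %{GREEDYDATA:message}"
)


def ingest_pipeline(source_field="message"):
    """Request body for PUT _ingest/pipeline/<name>.

    Lines that do not match the grok pattern are not dropped: the on_failure
    handler tags them so they stay visible (and countable) in Kibana.
    """
    return {
        "description": "split secure log lines into timestamp/facility/pname/pid/message",
        "processors": [
            {
                "grok": {
                    "field": source_field,
                    "patterns": [GROK_PATTERN],
                    "on_failure": [
                        {"append": {"field": "tags", "value": "_grokparsefailure"}}
                    ],
                }
            }
        ],
    }


def parse_line(line):
    """Return the regex groups as a dict, or None when the line does not fit the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def count_by_pname(lines):
    """Emulate the Kibana table: one row per unique pname with a document count.

    Unparsable lines are counted under '_unparsed' rather than silently dropped,
    mirroring the tagged documents the ingest pipeline above would produce.
    """
    counts = Counter()
    for line in lines:
        doc = parse_line(line)
        counts[doc["pname"] if doc else "_unparsed"] += 1
    return dict(counts)


# Constructed sample lines (not real log data); the last one deliberately
# does not match, to show the failure path.
SAMPLE_LINES = [
    "2024-03-01 10:00:01 secure sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "2024-03-01 10:00:07 secure sshd[1240]: Failed password for invalid user admin from 203.0.113.9 port 4022 ssh2",
    "2024-03-01 10:01:15 secure sudo[1301]: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/systemctl restart nginx",
    "2024-03-01 10:02:44 secure sshd[1333]: Failed password for root from 203.0.113.9 port 4031 ssh2",
    "2024-03-01 10:03:00 secure CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "this line does not match the expected format",
]

if __name__ == "__main__":
    for pname, n in sorted(count_by_pname(SAMPLE_LINES).items()):
        print(f"{pname:12} {n}")
```

Once the pipeline is in place and documents carry a `pname` field, the table in Kibana is just a terms aggregation on that field; no regex runs at query time. The `_grokparsefailure` tag is the practical answer to the format-drift concern: when the log format changes, the unmatched lines show up tagged rather than disappearing, so the pattern can be updated and the affected range reindexed.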

Thanks for your reply, Lukas.

Indeed, it seems that everything points to setting things up in ingestion. The downside to this, however, is that log formats may change over time, or the pieces of data that you want to gather may change over time. This means that a large re-deployment of configuration must be undertaken for any minor change. This will also create discrepancies in the index when new data arrives, afaik.

In any case, I believe my question has been answered - Kibana does not contain the functionality for which I am searching. I will take a look at the resources that you mentioned.

Thanks again.
