Creating metrics from a filebeat input

Hello everybody,

Can someone explain to me how to create metrics from values retrieved from a logfile (or point me to some good docs)?

I have a logfile on a server that I parse with filebeat and which is forwarded to a logstash instance.

    INFO:root:Current values:  A1:10.2, A2:10.2
    INFO:root:Current values:  A1:10.8, A2:10.7
    INFO:root:Current values:  A1:10.6, A2:10.8

After applying the filter:

    filter {
        if [source] == "/var/log/testlog.log" {
            grok {
                match => { "message" => [
                                ".+ values:\s+A1:%{NUMBER:[sensor][a][voltage]},\s+A2:%{NUMBER:[sensor][b][voltage]}"
                           ]
                }
            }
            metricize {
                metrics => [ "[sensor][a][voltage]", "[sensor][b][voltage]" ]
                drop_original_event => true
                metric_field_name => "sensor_voltages"
                value_field_name => "voltage"
            }
        }
    }

I get in Kibana (JSON):

    {
      "_index": "filebeat-6.8.8-2020.05.02",
      "_type": "doc",
      "_id": "AogA13EBYy_YQLJ4g0mY",
      "_version": 1,
      "_score": null,
      "_source": {
        "message": "INFO:root:Current values:  A1:10.6, A2:10.8",
        "tags": [
          "beats_input_codec_plain_applied"
        ],
        "@version": "1",
        "beat": {
          "name": "server",
          "version": "6.8.8",
          "hostname": "server"
        },
        "prospector": {
          "type": "log"
        },
        "source": "/var/log/testlog.log",
        "voltage": "10.8",
        "@timestamp": "2020-05-02T20:07:46.573Z",
        "log": {
          "file": {
            "path": "/var/log/testlog.log"
          }
        },
        "offset": 13597,
        "sensor_voltages": "[sensor][b][voltage]",
        "host": {
          "containerized": false,
          "name": "server",
          "id": "a0f1178ee9c0427f8e449e7b2f7b805a",
          "os": {
            "name": "Ubuntu",
            "family": "debian",
            "platform": "ubuntu",
            "version": "18.04.4 LTS (Bionic Beaver)",
            "codename": "bionic"
          },
          "architecture": "x86_64"
        },
        "sensor": {
          "b": {},
          "a": {}
        },
        "input": {
          "type": "log"
        }
      },
      "fields": {
        "@timestamp": [
          "2020-05-02T20:07:46.573Z"
        ]
      },
      "sort": [
        1588450066573
      ]
    }

Now I have 2 questions:

  1. How can I rename

    "sensor_voltages": "[sensor][b][voltage]"

to

    "sensor_voltages": "sensor_b"

  2. When I try to visualize by creating a gauge (average), I don't see the fieldname in the dropdown list of the metrics. How can I build a gauge displaying the average voltage over the given period?

I've been looking around in the forum, but can't find an answer... maybe I don't use the correct search terms.

Any help appreciated!

Cheers!

Wim
