Dynamic lookup on Kibana

Currently, I'm trying to associate a process ID from a log to the name of the process. For instance, if I ingest 5 files, all of which belong to the same device, the name of the process will have a different process ID. The name of the process is established early on in the file, e.g. "(1234): Start proc 2315 as NEW_PROC", where 2315 is the new process ID and NEW_PROC is the process itself. Subsequent lines will be presented as "(2315): this is some process text". Sorry if anything is unclear, but how could I go about doing this?

Hi

You should do this lookup when ingesting your data, e.g. you could use the enrich processor of ES for that purpose, have a look:
https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html

If you're using Logstash you could store the processID to processName relation in memcache by using the memcache filter:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-memcached.html
There's no way to do this directly in Kibana.
Best,
Matthias

Update: there's no way to do this in Kibana, unless these process ID to process name mappings were static; then you could use a scripted field for that. But I think they are not static, right?
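The ingest-time lookup recommended in the answer, shown as an added example that is not code from this thread or from Elastic: a stand-alone Python pre-processing step, used here in place of the enrich processor or memcached filter, that resolves each PID to its process name before indexing. The regexes follow the two line shapes quoted in the question; the field names, the `device-logs` index name and the sample lines are assumptions constructed for illustration.

```python
import json
import re

# Line shapes from the question: "(1234): Start proc 2315 as NEW_PROC"
LINE = re.compile(r"^\((\d+)\):\s*(.*)$")
START = re.compile(r"^Start proc (\d+) as (\S+)$")


def enrich_file(source, lines):
    """Yield one document per log line with the process name resolved.

    The PID-to-name table is local to one file, because the same process
    gets a different PID in every ingested file.
    """
    names = {}  # pid (str) -> process name, valid for this file only
    for lineno, raw in enumerate(lines, 1):
        raw = raw.rstrip("\n")
        m = LINE.match(raw)
        # Lines that do not look like "(pid): text" are kept, not dropped.
        pid, text = m.groups() if m else (None, raw)
        started = START.match(text) if m else None
        if started:
            # A later announcement of the same PID overwrites (PID reuse).
            names[started.group(1)] = started.group(2)
        yield {
            "source": source,
            "line": lineno,
            "pid": int(pid) if pid else None,
            "process_name": names.get(pid),  # None if never announced
            "message": text,
        }


def to_bulk(index, docs):
    """Render documents as NDJSON for the Elasticsearch _bulk API."""
    rows = []
    for doc in docs:
        rows.append(json.dumps({"index": {"_index": index}}))
        rows.append(json.dumps(doc))
    return "\n".join(rows) + "\n"


# Constructed sample input: two files from one device, different PIDs.
SAMPLE = {
    "boot-1.log": ["(1234): Start proc 2315 as NEW_PROC",
                   "(2315): this is some process text",
                   "(9999): text from a process never announced"],
    "boot-2.log": ["(1234): Start proc 4100 as NEW_PROC",
                   "(4100): this is some process text"],
}
```

Lines whose PID was never announced are indexed with a null `process_name`, so gaps in the mapping stay visible in Kibana instead of being silently mislabelled.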
