Extract data specific field and visualise in time (from logs)

i have some logfiles available in kibana and would like to extract values of a field and see them according to their timestamps

i have field called 'logger' that basically contains the java classes from which the log entry comes. e.g. 'com.mycompany.myproject.SomeClass', 'com.mycompany.myproject.SomeOtherClass'

i would like to visualize these loggers according to their timestamp. basically i would like to see what loggers are outputing in time

what kind of visualisation should i use? what settings? how do i extract the different values of a field (this might seem like a very basic question but i am new to kibana and my basic knowledge does not help me yet)

Hi @AlexandruRepede

To extract values from the fields there are two ways:

• at indexing time, depending on how you ingest data into ES, you can apply transformation and add as many transformation to your data as you need
• inside Kibana using Scripted Fields https://www.elastic.co/guide/en/kibana/current/scripted-fields.html in your case you can create a new scripted field using regexp to extract the value you need

Related to the type of visualization: what do you want to understand from your data? how many logs comes from a specific Class/field extracted? or have a more global overview on how these logs are distributed between Class/fields extracted?

If you want to a clear overview of the trends over time you can use a line chart over time, and split the chart into multiple series by the scripted field created or split the series by the same field.
If you want a more global overview and understand how the logs are distributed across your extracted field, you can use a histogram/barchart with stacked bars

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.