Extract fields from kibana logs

I have the Status Code only in the log field of my Kibana logs, and I want to extract it.
Is there any way in which we can parse the log field from Kibana itself?

"2021-03-08 06:16:16.631  INFO ; Status_Code=200; Response_Body={sometext};\n"

thanks

@aagarwal3

Are you ingesting these logs with another tool, and indexing each log line as a document into Elasticsearch?

Reading out Status_Code=XXX should be possible with the grok filter from Logstash (Grok filter plugin | Logstash Reference [7.11] | Elastic). You would just look for the Status_Code={code} pattern.

Can this be done once the logs are already in Kibana Dev Tools though?

@aagarwal3 no, using grok is something you would do at ingest time. Apart from Logstash, you could also use the grok processor (Grok processor | Elasticsearch Reference [master] | Elastic). This would be the preferred solution.

To do this at runtime, you can look to write a scripted field, and use the Painless programming language to parse out that status code (Scripted fields | Kibana Guide [7.11] | Elastic).
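
The ingest-time approach from the reply above, as an added example that is not part of the original thread: a Kibana Dev Tools request that simulates a grok processor against the sample line from the question. The source field name `log` follows the question; the target field `status_code`, the `status_code_parse_failure` tag and the second test document are assumptions constructed for illustration.

```console
# Added example: dry-run a grok processor without indexing anything.
# The pattern is unanchored, so it finds Status_Code=<number> anywhere in the line
# and stores the number as an integer in status_code (hypothetical field name).
# on_failure tags lines that carry no status code instead of rejecting the document.
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "Extract Status_Code from the log field (added example)",
    "processors": [
      {
        "grok": {
          "field": "log",
          "patterns": ["Status_Code=%{NUMBER:status_code:int}"],
          "on_failure": [
            {
              "append": {
                "field": "tags",
                "value": "status_code_parse_failure"
              }
            }
          ]
        }
      }
    ]
  },
  "docs": [
    { "_source": { "log": "2021-03-08 06:16:16.631  INFO ; Status_Code=200; Response_Body={sometext};\n" } },
    { "_source": { "log": "2021-03-08 06:16:17.002  INFO ; constructed line without a status code\n" } }
  ]
}
```

The first document comes back with `status_code` set to the integer 200; the second keeps its `log` value unchanged and gains the failure tag, which makes unparsed lines easy to find later.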
