Hi, I need to extract a number from this text and then get the result if the value is greater than 1 or less than 1. Does somebody know how to do that?
I show in the picture which filters I use to get the message. I tried to do the substring as shown online, but it didn't work.
Hello.
I think you should assign that number to an independent field. Then you can do what you want using conditionals in Logstash or apply a filter directly from Kibana.
I have other logs with different parameters and I don't wanna break everything. Do you know how I can create a field just using this source and message?
With Logstash you can split the message field into multiple fields while keeping the message field.
For example, with a Grok filter in Logstash:
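filter {
  grok {
    # Capture the number that follows ": " into NumeroExtraido; the message field is kept.
    # The :float suffix stores it as a number so it can be compared with 1.
    match => { "message" => "%{DATA}: %{NUMBER:NumeroExtraido:float}" }
  }
}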
Once parsed, this value will be recorded in a new NumeroExtraido field that you can use for filtering in Kibana or extra enrichment for those records where this value is bigger or smaller than 1, for example.
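The filter from the reply above, extended as an added example (not code posted by anyone in this thread) so that events which do not match are left untouched and matching events are tagged by comparison with 1. The tag names `has_number`, `value_gt_1` and `value_lt_1` are assumptions, and the pattern still assumes the number follows `": "` in the message.

```logstash
filter {
  grok {
    # Same pattern as in the reply, with :float so the field is numeric.
    match => { "message" => "%{DATA}: %{NUMBER:NumeroExtraido:float}" }
    # Added only when the pattern matches (hypothetical tag name).
    add_tag => ["has_number"]
    # Other log types that do not match get no _grokparsefailure tag.
    tag_on_failure => []
  }

  # Compare only on events where the number was actually extracted.
  if "has_number" in [tags] {
    if [NumeroExtraido] > 1 {
      mutate { add_tag => ["value_gt_1"] }   # hypothetical tag name
    } else if [NumeroExtraido] < 1 {
      mutate { add_tag => ["value_lt_1"] }   # hypothetical tag name
    }
  }
}
```

Range filters in Kibana additionally need NumeroExtraido to be mapped as a numeric type in the index.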
Thanks, I will try this. I've seen online that I can set the grok in Dev Tools, but the problem is I can't find it in my menu.
I don't know which Kibana version you are using. In new versions it appears in Stack Management > Dev Tools > Grok Debugger.
But it is only a tester to check your Grok Pattern.