Extract specific string from a field in ELK

I am newbie in ELK. In my ELK, a single document has multiple fields (k8s.pod,k8s.ns,timestamp,logtag,stream and message etc.,). In the message field, I am getting the logs like below

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.c.PaymentGatewaye[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - PaymentGateway::getEncrypt START Request: PaymentRequest{amount='I31HEvNdWX/5eQl5vs8P0w==', useCase='RECHARGE', tagId='xxxxxx', vehicleClass='', mobileNo='', platform='null', poolId='', tripInsurancePolicyCode='', isRecurringPolicy='false'}

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.c.PaymentGatewaye[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - PaymentGateway::getEncrypt checking session

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - UtilityService::checkValidUser JWT CHECK :: START
e[36m15:25:47.510e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[39mDEBUGe[0;39m e[35morg.hibernate.SQLe[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - select * from ( SELECT * FROM xxxxxx WHERE user_id = ? ) where rownum <= ?
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - Userid : xxxxxx == UtilityService :: checkValidUser = LastAccessTimestamp is not null , checking session valid or not
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - UtilityService::checkValidUser = Query Time : 3
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - Userid : xxxxxx == UtilityService :: checkValidUser = Getting the JWT from db and Claim the payload from JWT
[36m15:25:47.583[0;39m [1;30m[default-Group-3-11][0;39m [34mINFO [0;39m [35mc.i.e.s.PaymentGatewayService[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - userId : xxxxxx == PaymentGatewayService::getEncryptedPayment calling sendSms function

I already integrated ELK datasource in Grafana. I need to extract the specific text "8c5f50d19d664a3c5e533a3257817aae" and visualise those text in table format in Grafana. Kindly help

Hi @Satheesh,

Welcome to the community! Do you want to extract the value to a separate fields? If you are using Logstash, which it sounds like you are, you could use the Grok filter to extract the value into a new field using regex and then use the text in your Grafana visualizations.

Hope that helps!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.