Extract specific string from a field in ELK

Satheesh · December 7, 2023, 10:17am

I am newbie in ELK. In my ELK, a single document has multiple fields (k8s.pod,k8s.ns,timestamp,logtag,stream and message etc.,). In the message field, I am getting the logs like below

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.c.PaymentGatewaye[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - PaymentGateway::getEncrypt START Request: PaymentRequest{amount='I31HEvNdWX/5eQl5vs8P0w==', useCase='RECHARGE', tagId='xxxxxx', vehicleClass='', mobileNo='', platform='null', poolId='', tripInsurancePolicyCode='', isRecurringPolicy='false'}

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.c.PaymentGatewaye[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - PaymentGateway::getEncrypt checking session

e[36m15:25:47.508e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - UtilityService::checkValidUser JWT CHECK :: START
e[36m15:25:47.510e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[39mDEBUGe[0;39m e[35morg.hibernate.SQLe[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - select * from ( SELECT * FROM xxxxxx WHERE user_id = ? ) where rownum <= ?
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - Userid : xxxxxx == UtilityService :: checkValidUser = LastAccessTimestamp is not null , checking session valid or not
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - UtilityService::checkValidUser = Query Time : 3
e[36m15:25:47.511e[0;39m e[1;30m[default-nioEventLoopGroup-3-11]e[0;39m e[34mINFO e[0;39m e[35mc.i.e.service.UtilityServicee[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - Userid : xxxxxx == UtilityService :: checkValidUser = Getting the JWT from db and Claim the payload from JWT
[36m15:25:47.583[0;39m [1;30m[default-Group-3-11][0;39m [34mINFO [0;39m [35mc.i.e.s.PaymentGatewayService[0;39m [req_id: 8c5f50d19d664a3c5e533a3257817aae] [x-b3-traceid:] - userId : xxxxxx == PaymentGatewayService::getEncryptedPayment calling sendSms function

I already integrated ELK datasource in Grafana. I need to extract the specific text "8c5f50d19d664a3c5e533a3257817aae" and visualise those text in table format in Grafana. Kindly help

carly.richmond · December 7, 2023, 12:07pm

Hi @Satheesh,

Welcome to the community! Do you want to extract the value to a separate fields? If you are using Logstash, which it sounds like you are, you could use the Grok filter to extract the value into a new field using regex and then use the text in your Grafana visualizations.

Hope that helps!

system · January 4, 2024, 12:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.