Extract string from message field kibana

I am using kibana-5.6.3
I have messages populating in Kibana. I have the message in Kibana as below
1330207 Backup host-44 Done **0** 2 fit-dev host-44 01/11/2018 18:00:02 01/11/2018 18:03:28 000:03:26

I want to extract the number "0" located at the 5th position in the message and add it as a new field.
How do I do this on the Kibana side?

You would need to extract fields from message before storing the documents in Elasticsearch. Logstash provides a rich feature set that is designed to read events from a data source(s), transform each event, and then send the transformed event to Elasticsearch.

Nathan

@Nathan_Reese
I am using Logstash 5.6.4
I am trying to parse the below message field in Logstash and add a field "error_code", but Logstash adds all the fields (bytes, syslog_hostname, method, method2). How do I configure Logstash to stop adding the unwanted fields?
message: 1332414 Backup hgnmowi88-ben Done 0 16142082 idk-dev-db Prod-Differential host-ben

and my Logstash config is below

  if [type] == "hostup" {
    grok {
      match => { "message" => "%{NUMBER:bytes}\s*%{WORD:method}\s*%{SYSLOGHOST:syslog_hostname}\s*%{WORD:method2}\s*%{INT:number}\s*%{INT:number2}\s*%{USERNAME:user_id}\s*%{SYSLOGHOST:syslog_hostname2}"}
      add_field => { "error_code" => "%{number}"}
    }
  }

In your logstash configuration filter section, add the following

  mutate {
    remove_field => ["bytes", "syslog_hostname", "method", "method2"]
  }

@Nathan_Reese How do I parse a tab-separated message as below?
message: 1332414 Backup hgnmowi88-ben Done 0 16142082 idk-dev-db Prod-Differential hqidwinfmd03-ben
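
Added example, not part of the original thread and not posted by any participant: a grok filter for the sample messages above that leaves the skipped columns unnamed, so only `error_code` is added to the event, and that separates columns with `\s+`, so tab-separated and space-separated lines both match. The failure tag name `_backup_status_parsefailure` is an assumption chosen for illustration.

```logstash
filter {
  if [type] == "hostup" {
    grok {
      # Sample lines from the thread (columns separated by spaces or tabs):
      #   1330207 Backup host-44 Done 0 2 fit-dev host-44 01/11/2018 ...
      #   1332414 Backup hgnmowi88-ben Done 0 16142082 idk-dev-db Prod-Differential ...
      #
      # A pattern written without a field name (%{NOTSPACE}) still has to match,
      # but grok's default named_captures_only => true means it creates no field.
      # Only the 5th column is named, and ":int" stores it as a number, not a string.
      match => {
        "message" => "^%{NOTSPACE}\s+%{NOTSPACE}\s+%{NOTSPACE}\s+%{NOTSPACE}\s+%{INT:error_code:int}(?:\s|$)"
      }

      # Lines that do not fit the layout get a dedicated tag (name is an
      # assumption) instead of the generic _grokparsefailure, so malformed
      # or unexpected backup records are easy to find in Kibana.
      tag_on_failure => ["_backup_status_parsefailure"]
    }
  }
}
```

With this filter there are no intermediate fields to strip, so the `mutate { remove_field => ... }` step is not needed for these messages.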
