Extract value from field for visualization

Is it possible to extract a value from a parsed field and then visualize that number? For example, I want to show my firewall's current user session, and that is already parsed out as Subject, but I don't want the whole message, just the number of concurrent sessions.

Below is the log. It shows as indexed subject, and I can create a graph showing how many messages contain "concurrent sessions", but what I really want is a graph dial showing the number 170.

subject Performance statistics: average CPU: 0, memory: 20, concurrent sessions: 170, setup-rate: 5

Possible? Cheers...

You should really do that before sending it to Elasticsearch. You might be able to do this with a script, but it'd be messy and expensive.
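One way to do the extraction before indexing, as an added example that is not part of the original thread: a Python pre-processing step that turns the subject line quoted in the question into integer fields a gauge can read directly. The function names, the `fw_stats` key and the choice of Python are assumptions; the sample string is the line from the question.

```python
import re

# Constructed sample, copied from the log line quoted in the question.
SAMPLE_SUBJECT = ("Performance statistics: average CPU: 0, memory: 20, "
                  "concurrent sessions: 170, setup-rate: 5")

PREFIX = "Performance statistics:"
# One "name: integer" pair; names may contain spaces or hyphens.
PAIR = re.compile(r"\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(-?\d+)\s*$")


def extract_stats(subject):
    """Return {field_name: int} for a performance-statistics subject, else {}."""
    if not subject or not subject.startswith(PREFIX):
        return {}
    stats = {}
    for part in subject[len(PREFIX):].split(","):
        m = PAIR.match(part)
        if not m:
            continue  # skip fragments that are not "name: integer"
        # Normalise "concurrent sessions" -> "concurrent_sessions"
        key = re.sub(r"[^a-z0-9]+", "_", m.group(1).lower()).strip("_")
        stats[key] = int(m.group(2))
    return stats


def enrich(event):
    """Copy an event and add numeric fields under a hypothetical 'fw_stats' key."""
    doc = dict(event)
    stats = extract_stats(event.get("subject", ""))
    if stats:
        doc["fw_stats"] = stats
    return doc


if __name__ == "__main__":
    print(enrich({"subject": SAMPLE_SUBJECT}))
```

Because the values are stored as integers rather than as part of the subject text, a visualization can aggregate on the field (for example the latest or maximum `fw_stats.concurrent_sessions`) instead of counting matching messages.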
