I am visualizing syslogs in Kibana. I am getting messages under the syslog_message field. I want to visualize the count of a portion of the message, e.g. in the line below I want to count the total number of the cdp/interface portion. There may be something different in that portion, so I want to visualize the count of that portion. But I don't know what will appear there, which is why I can't use filtering.
syslog_message:[cdp/interface.ERR] - {- -} Error writing CDP frame
If the whole syslog entry is in one field it'll be difficult to perform meaningful analysis in Kibana. Kibana doesn't have a way to convert this data, although you may be able to search over it. Before ingesting into Elasticsearch I would recommend breaking the data up into individual fields using something like Logstash.
Yeah, I am using Logstash. I am also indexing the whole data. My problem is I want to fetch a portion of an indexed field.
Like, I want to replicate the function of re.group(0) of a Python regular expression. I want the count of that part, though I don't know what will appear in that position.
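The following is an added example, not code from anyone in this thread. It shows what "breaking the data up into individual fields" means for the message format quoted above: the bracketed prefix is split into a component (e.g. cdp/interface) and a severity, and the component is then counted, which is the aggregation Kibana could do once the field exists. The sample messages are constructed for this example, and the grok pattern in the comment is an assumed equivalent that should be checked against your own data.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample syslog_message values (not from a real system);
# the first line mirrors the format quoted in the question.
SAMPLE_MESSAGES = [
    "[cdp/interface.ERR] - {- -} Error writing CDP frame",
    "[cdp/interface.ERR] - {- -} Error writing CDP frame",
    "[lldp/neighbor.WARN] - {- -} Neighbor table full",
    "[cdp/interface.INFO] - {- -} Interface up",
    "[stp/port.ERR] - {- -} BPDU guard triggered",
    "Unstructured message without a bracketed prefix",
]

# The component is everything inside the leading [...] up to the last '.';
# the token after that '.' is the severity. An assumed Logstash grok
# equivalent for the same layout would be:
#   \[%{DATA:component}\.%{WORD:severity}\] - %{GREEDYDATA:rest}
PREFIX_RE = re.compile(
    r"^\[(?P<component>[^\]]+)\.(?P<severity>[A-Z]+)\]\s*-\s*(?P<rest>.*)$"
)


def parse_message(message: str) -> Optional[dict]:
    """Return component/severity/rest fields, or None if the prefix is absent
    (the case grok would tag as _grokparsefailure)."""
    m = PREFIX_RE.match(message)
    if m is None:
        return None
    return m.groupdict()


def count_components(messages) -> Counter:
    """Count messages per component, which is the aggregation the question
    asks for; unparsed messages are skipped rather than miscounted."""
    counts: Counter = Counter()
    for msg in messages:
        fields = parse_message(msg)
        if fields is not None:
            counts[fields["component"]] += 1
    return counts


def unparsed(messages) -> list:
    """Messages that did not match; worth surfacing so format drift is noticed."""
    return [m for m in messages if parse_message(m) is None]


if __name__ == "__main__":
    for component, n in count_components(SAMPLE_MESSAGES).most_common():
        print(f"{component}: {n}")
    print("unparsed:", unparsed(SAMPLE_MESSAGES))
```

The unmatched-message list matters in practice: if the device changes its log format, a silent parse failure would make the component count drop to zero rather than raise an error, so keep an eye on the unparsed count (or on `_grokparsefailure` tags in Logstash) alongside the dashboard.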