Given the following event input inside Kibana Discover Page:
cloudwatch_logs.log_group: /aws/lambda/b2_raw_processor
@version: 1
message: 2019-08-01 15:30:19,207 - INFO - RAWPROC - PROCESS - SUCCESS - file_type:video - machine_id:93843ed258d1c8469a80c6d3672b033f - upload_date:2019-07-31 - tag_id:0548207774505533 - rsid:1564607297562 - timestamp:20190731 - extra_info:down - file:0548207774505533-1564607297562-20190731-down-000000.tar.bz2 : File processed successfully
@timestamp: Aug 1, 2019 @ 08:30:19.207
cloudwatch_logs.event_id: 34893383240648998145054626322427042217296655004557574166
cloudwatch_logs.ingestion_time: Aug 1, 2019 @ 08:30:32.524
cloudwatch_logs.log_stream: 2019/08/01/[$LATEST]c72de767a67b4919ae5f57f872b7b0ab
type: Cloudwatch
_id: 4_rOTWwBFuDxKtYSDOBz
_type: _doc
_index: stage-cloudwatch
_score: -
Is there any way to filter out machine_id:93843ed258d1c8469a80c6d3672b033f
from the message field and generate a new field out of it using an Elasticsearch query?
For example:
cloudwatch_logs.log_group: /aws/lambda/b2_raw_processor
@version: 1
message: 2019-08-01 15:30:19,207 - INFO - RAWPROC - PROCESS - SUCCESS - file_type:video - machine_id:93843ed258d1c8469a80c6d3672b033f - upload_date:2019-07-31 - tag_id:0548207774505533 - rsid:1564607297562 - timestamp:20190731 - extra_info:down - file:0548207774505533-1564607297562-20190731-down-000000.tar.bz2 : File processed successfully
machine_id:93843ed258d1c8469a80c6d3672b033f
@timestamp: Aug 1, 2019 @ 08:30:19.207
cloudwatch_logs.event_id: 34893383240648998145054626322427042217296655004557574166
cloudwatch_logs.ingestion_time: Aug 1, 2019 @ 08:30:32.524
cloudwatch_logs.log_stream: 2019/08/01/[$LATEST]c72de767a67b4919ae5f57f872b7b0ab
type: Cloudwatch
_id: 4_rOTWwBFuDxKtYSDOBz
_type: _doc
_index: stage-cloudwatch
_score: -
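One way to get the machine_id out of that message line and into a field of its own is an ingest pipeline with a grok processor, applied to new events at index time and to the documents already in stage-cloudwatch through _update_by_query with the pipeline parameter. The Python below is an added example, not code from the question or from Elastic: it builds the pipeline body, and it runs the same regex locally so the extraction can be checked against the question's own message line before anything touches the cluster. The pipeline name rawproc-machine-id, the field names machine_id and machine_id_parse_error, and the assumption that message is an analyzed text field are my choices, not anything from the original post.

```python
"""Pull machine_id (and the other key:value tokens) out of the RAWPROC log line.

Added example: the sample message is copied from the question; the pipeline
and field names are assumptions chosen for this illustration.
"""
import copy
import json
import re

# Constructed sample: the `message` field exactly as shown in the question.
SAMPLE_MESSAGE = (
    "2019-08-01 15:30:19,207 - INFO - RAWPROC - PROCESS - SUCCESS - "
    "file_type:video - machine_id:93843ed258d1c8469a80c6d3672b033f - "
    "upload_date:2019-07-31 - tag_id:0548207774505533 - rsid:1564607297562 - "
    "timestamp:20190731 - extra_info:down - "
    "file:0548207774505533-1564607297562-20190731-down-000000.tar.bz2 : "
    "File processed successfully"
)

# The literal "machine_id:" marker followed by a 32-character hex id.
# Grok accepts the same Oniguruma-style named group, so one pattern serves
# both the local check and the ingest processor.
GROK_PATTERN = "machine_id:(?<machine_id>[0-9a-f]{32})"
MACHINE_ID_RE = re.compile(r"machine_id:(?P<machine_id>[0-9a-f]{32})")

# Every " - key:value" token in the line (file_type, machine_id, upload_date, ...).
# Values stop at the first space, so the trailing " : File processed ..." is left out.
KV_TOKEN_RE = re.compile(r"(?:^| - )([a-z_]+):([^ ]+)")

PIPELINE_NAME = "rawproc-machine-id"   # assumed name for PUT _ingest/pipeline/<name>


def extract_machine_id(message):
    """Return the 32-hex machine_id from a RAWPROC line, or None if absent."""
    m = MACHINE_ID_RE.search(message)
    return m.group("machine_id") if m else None


def extract_kv_fields(message):
    """Return all dash-separated key:value tokens as a dict, e.g. {'file_type': 'video', ...}."""
    return {key: value for key, value in KV_TOKEN_RE.findall(message)}


def ingest_pipeline_body():
    """Body for PUT _ingest/pipeline/rawproc-machine-id (pipeline name assumed)."""
    return {
        "description": "Copy machine_id out of the RAWPROC message line into its own field",
        "processors": [
            {
                "grok": {
                    "field": "message",
                    # Grok searches the field unanchored, so only the marker and the
                    # id need to be spelled out; the rest of the line is untouched.
                    "patterns": [GROK_PATTERN],
                    "ignore_missing": True,
                    # A line without the marker records why instead of failing the event.
                    "on_failure": [
                        {"set": {"field": "machine_id_parse_error",
                                 "value": "{{ _ingest.on_failure_message }}"}}
                    ],
                }
            }
        ],
    }


def backfill_request():
    """Path and body to re-run existing documents through the pipeline.

    POST stage-cloudwatch/_update_by_query?pipeline=rawproc-machine-id
    The match query assumes `message` is an analyzed text field, so the token
    "machine_id" selects only lines that carry the marker.
    """
    path = f"stage-cloudwatch/_update_by_query?pipeline={PIPELINE_NAME}"
    body = {"query": {"match": {"message": "machine_id"}}}
    return path, body


def enrich_event(doc):
    """Local approximation of what the grok processor above does to one document."""
    out = copy.deepcopy(doc)
    message = out.get("message")
    if message is None:                      # ignore_missing: leave the doc alone
        return out
    machine_id = extract_machine_id(message)
    if machine_id is None:                   # on_failure branch: record the failure
        out["machine_id_parse_error"] = "no machine_id marker in message"
    else:
        out["machine_id"] = machine_id
    return out


if __name__ == "__main__":
    print(json.dumps(ingest_pipeline_body(), indent=2))
    print(json.dumps(enrich_event({"message": SAMPLE_MESSAGE}), indent=2))
    print(extract_kv_fields(SAMPLE_MESSAGE))
```

Running the script prints the pipeline body to PUT into _ingest/pipeline, followed by the sample event with its new machine_id field, which is what the "For example" block in the question asks for. extract_kv_fields shows that the same approach extends to every key:value token in the line (file_type, tag_id, rsid, and so on), each of which could become its own grok capture if wanted.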