Hello all new at ELK. Been doing well so far, but I have come across 1 problem and I figured it was worth asking.
I have filebeat sending me data off several servers. Filebeat is working well and I am able to filter out only the 1 line of data I want:
Filesystem /fb/data0 is GOOD, with current percent at 24 %
I now want this to be broken down into two columns. /fb/data0 and the number 24, of course 24 will change based on the usage of the file system, but the /fb/data0 will never change.
I have looked at the grok filter docs, and to be 100% honest I am just a little lost. Thank you in advance for any tips or advice.