GROOK FILTER HOW TO SPLIT THE MULTI VALUE COLUMN

saravana_hariharan · December 11, 2019, 12:14pm

GROOK FILTER
%{NUMBER:TIME} \t %{WORD:SESSIONID} \t %{WORD:REQUESTID} \t %{WORD:CRUD} \t %{GREEDYDATA:FIELDVALUE}

My question is how to split one column,which has multiple values of (CREATEDBY,CREATEDTIME,UPDATEDBY,UPDATEDTIME) after indexpattern successfully created how to i get this createdby,updatedby, fields individualy in kibana field option

thanks
saravanan R

system · January 8, 2020, 12:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.