Group the fields

Elastic Stack Logstash
1 
Hi, I have a log file structured like this :
    2019-06-20T05:39:27,568 | INFO  | qtp441473107-156663 | UID1
    2019-06-20T05:39:28,874 | INFO  | qtp441473107-156785 | UID1
    2019-06-20T05:39:28,879 | INFO  | qtp441473107-156786 | UID2
    2019-06-20T05:39:28,880 | INFO  | qtp441473107-156787 | UID2

I want to retrieve in just one event all the fields which have the same UID and display them in kibana discover. I am using filebeat and logstash 7.0.1. Thank you.
config file logastash: 

input {
  beats {
    port => 5044
  }
}

   filter {
    dissect {
      mapping => {
        "message" => "%{date}|%{info}|%{ticks}|%{UID}"
      }
    }
  }
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "filebeat-pcloulouze-%{+yyyy.MM.dd}"
  }
}
2

Use an aggregate filter. Either example 3 or example 4.

1 Like
3 
Hi, I have a log file structured like this :
    2019-06-20T05:39:27,568 | INFO | INPUT| UID1
    2019-06-20T05:39:28,874 | INFO | INPUT| UID2
    2019-06-20T05:39:28,879 | INFO | OUTPUT | UID1
    2019-06-20T05:39:28,880 | INFO | OUTPUT | UID2

I want to retrieve in just one event all the fields which have the same UID and display them in kibana discover like this:

@timestamp	Jun 25, 2019 @ 14:26:33.245
       	valUID: UID1
        valIN: INPUT
        valOUT: OUTPUT
        valinfo: INFO

@timestamp	Jun 25, 2019 @ 14:26:33.246
       	valUID: UID2
        valIN: INPUT
        valOUT: OUTPUT
        valinfo: INFO
. I am using filebeat and logstash 7.0.1. Thank you.
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.