How can i add a field to visualize a specific value and to calculate with it?

Murat89 · March 8, 2018, 2:32pm

Hi,

im new in elastic stack and want to try out Kibana. I have Pexip Logs below, my issue is that the duration is not recognized as a Field, I would like to have the duration value so i can calculate the average duration of video calls and visualize it. Please help me.

Thanks in advance.

Logsample:
message:<134>Feb 27 21:58:03.439 newnode01 2018-02-27 21:58:03,439 Level="INFO" Name="administrator.conference" Message="Conference has been stopped." Conference="New VMR" Service-tag="" Service-type="conference" Duration="10.400" host:11.111.111.111 @timestamp:February 27th 2018, 22:58:03.440 @version:1 type:syslog _id:X9BF2WEBxgyqZgr-xOFI _type:mylogs _index:myindex _score: -

Marius_Dragomir · March 8, 2018, 8:33pm

Hello, what are you using to ingest the log in ES? If you are using Logstash, take a look at the Grok input filter where you can set any part of the log line as a field in ES ( and in Kibana, of course).
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

Murat89 · March 8, 2018, 9:02pm

Hi, im using Logstash, my grok filter doesn't seem to work, if you look at my sample log, how would you do the filter?

Marius_Dragomir · March 8, 2018, 9:14pm

I'm really not good with Grok filters, sorry. The people in the Logstash forums will be more familiar with them. You can try posting the question about parsing your log line there.

Murat89 · March 8, 2018, 10:10pm

thank you, I will do that

system · April 5, 2018, 10:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.