How do I index regular expressions?

Joshua_Fox · January 31, 2018, 2:22pm

For log management, I want to build Kibana reports based on log lines like this:

2018-01-31 11:50:00.212 Loading the user images took 234 ms 
2018-01-31 10:23:01.984 Loading the user images took 331 ms 
2018-01-31 10:12:41.323 Loading the user images took 512 ms

So, the report would take lines with the string Loading the user images took

Then the regex would extract the number as in /took (\d+) ms/ and build a chart or notification.

How do I do this?

(Searching for this topic, I find discussion of regex queries and indexes but nothing about this functionality (which is quite basic in Splunk.)

Christian_Dahlqvist · January 31, 2018, 2:30pm

You can parse and extract values into separate fields in Logstash, e.g. using a grok filter. Then you can use these fields to build visualizations in Kibana.

system · February 28, 2018, 2:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing and applying regex in kibana Kibana	5	11495	July 6, 2017
Aggregation of Regex of Terms Kibana	2	1744	July 6, 2017
Aggregate/visualize based on substring or regex query Kibana	2	5137	February 17, 2020
Help Looking/ indexing/ extracting data Kibana	4	599	May 12, 2017
Logstash (elastic stack 5.6) grok regex Logstash	4	592	December 27, 2017

How do I index regular expressions?

Related topics