How parse sample values frm Kibana

regiereyes151985 · November 29, 2017, 8:19am

Hello,
How to parse sample data values from Kibana?
Lets say for example from the message field and here the values.
I want to get only the Relying Party, user name and the error message.

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://walloffame.ciostage.accenture.com

Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: rR6j7Lx4Fg53bJ0u1Ds2-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: rR6j7Lx4Fg53bJ0u1Ds2 ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)

jbudz · November 29, 2017, 4:20pm

This isn't something usually done at the Kibana level, typically you'll want to parse this data out before ingesting into elasticsearch.

Two common ways of doing this are with ingest node in elasticsearch or the grok filter in logstash. Both more or less use a bunch of regular expressions to parse out JSON before storing the documents.

If these aren't options you could write a scripted field from the index patterns page in Kibana. It can be used to parse field values out at query time.

system · December 27, 2017, 4:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.