How to build visualizations based on String fields

Elastic Stack Kibana
#1

Hi there.

I am trying to figure out a way to work with our data in kibana. Problem is, even tough we have a lot of diffrent lines within the Payload part of our logs wich means its kind of difficult to build filters in logstash for every possible line.
So currently we only have the fields that are always the same.

Payload:

PathologyProc :: PathologyProc_Pathology_Collector :: 0 :: CPPathologyCollectorCPU ---> [Global CPU] usage: 100

E. G. is it possible to read the cpu usage and throw it into a Vega visualization ?

#2

Hi @ThePreMan,

To build meaningful visualizations you'd have to preprocess your data first. There are different ways you can do it, for example:

  1. Logstash grok filter plugin
  2. Grok processor in ingest node
  3. or you can trying using Kibana's Scripted fields
#3

Thanks a lot. The scripted fields approach likley is the way to go for us right now. We will probably use the logstash grok filter in long term but it will help us out nontheless