How to build visualizations based on String fields

ThePreMan · February 11, 2021, 10:54am

Hi there.

I am trying to figure out a way to work with our data in kibana. Problem is, even tough we have a lot of diffrent lines within the Payload part of our logs wich means its kind of difficult to build filters in logstash for every possible line.
So currently we only have the fields that are always the same.

Payload:

PathologyProc :: PathologyProc_Pathology_Collector :: 0 :: CPPathologyCollectorCPU ---> [Global CPU] usage: 100

E. G. is it possible to read the cpu usage and throw it into a Vega visualization ?

dosant · February 11, 2021, 1:38pm

Hi @ThePreMan,

To build meaningful visualizations you'd have to preprocess your data first. There are different ways you can do it, for example:

Logstash grok filter plugin
Grok processor in ingest node
or you can trying using Kibana's Scripted fields

ThePreMan · February 16, 2021, 10:42am

Thanks a lot. The scripted fields approach likley is the way to go for us right now. We will probably use the logstash grok filter in long term but it will help us out nontheless

system · March 16, 2021, 10:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.