How to combine message field

Vikneswar · February 6, 2018, 5:21pm

I am passing application log to kibana via Logstash > ES > Kibana , by default its creating index and assigning values but in message filed log are getting splitted , Below are the log as log started with new line , how we can combine this log togther in single message field

[2018-01-08 16:25:20,257][INFO][pool-16-thread-21][com.att.dda.databroker.DDADataBrokerUtility][sendPBMessage][972]:[Message Published to PB: <?xml version="1.0" encoding="UTF-8"?>

IMEITriggerDDADDAActivationActual355979084505094310410035365580281948026220ANDROID151545032017815154503202571515450320257]

thomasneirynck · February 7, 2018, 10:48pm

hi @Vikneswar,

Since this relates to data-ingestion, I think this is more of a Logstash question, and would take it over there. https://discuss.elastic.co/c/logstash.

From the Kibana end, you might be able to work-around it. You can concatenate the individual fields into a single one by creating a Scripted Field: https://www.elastic.co/guide/en/kibana/current/scripted-fields.html.

system · March 7, 2018, 10:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log4j in integration with logstash Logstash	5	912	July 6, 2017
I need to split the message term field into different terms Kibana	3	5700	March 21, 2018
Split data in message field to separate fields to display in kibana Logstash	1	991	May 1, 2020
Multiple fields instead of message Logs	2	1079	January 18, 2019
How to combine the complete data in a csv/txt file in to a single column in message field Logstash	5	351	March 21, 2021

How to combine message field

Related topics