How to combine message field

Vikneswar · February 6, 2018, 5:21pm

I am passing application log to kibana via Logstash > ES > Kibana , by default its creating index and assigning values but in message filed log are getting splitted , Below are the log as log started with new line , how we can combine this log togther in single message field

[2018-01-08 16:25:20,257][INFO][pool-16-thread-21][com.att.dda.databroker.DDADataBrokerUtility][sendPBMessage][972]:[Message Published to PB: <?xml version="1.0" encoding="UTF-8"?>

IMEITriggerDDADDAActivationActual355979084505094310410035365580281948026220ANDROID151545032017815154503202571515450320257]

thomasneirynck · February 7, 2018, 10:48pm

hi @Vikneswar,

Since this relates to data-ingestion, I think this is more of a Logstash question, and would take it over there. https://discuss.elastic.co/c/logstash.

From the Kibana end, you might be able to work-around it. You can concatenate the individual fields into a single one by creating a Scripted Field: https://www.elastic.co/guide/en/kibana/current/scripted-fields.html.

system · March 7, 2018, 10:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.