How to create visualization group by part of file name?

Hi,

I'm trying to create a visualization in Kibana (v4.6.1) so as to list log files by part of their names.

For example, I can view this files in Kibana :
/path1/path2/path3/myapp1.log.2017-02-07 => 1000 lines
/path1/path2/path3/myapp1.log.2017-02-06 => 500 lines
/path1/path4/path5/myapp2.log => 2000 lines
/path1/path4/path5/myapp2.log.2017-02-07 => 300 lines

Is it possible to have a data table with one tag "myapp1.log" to see all "myapp1" logs, etc :
myapp1.log 1500
myapp2.log 2300

Thanks !

you would need to index your data in a way that myapp1.log would be a separate field, then you could do that.

with filenames being in its current form you could try to use a scripted field to extract just the filename

go to management->index->scripted fields->add

try to add a scripted field .... depends how much assumptions can you make about your data.
i am making an assumption that your path includes a / and has a filename 10 chars long

dont forget to set field type to string (in this case)

if (doc['referer'].value.lastIndexOf('/') + 5 < doc['referer'].value.length()) { return doc['referer'].value.substring(doc['referer'].value.lastIndexOf('/'), doc['referer'].value.lastIndexOf('/') + 5) } else { return ''; }

now you could go to data table, select term aggregation and select your scripted field

Thanks ppisljar,

But I don't think I can do this, I'm using Kibana in a big company, with so much logs to index that administrators prefers only keep standard fields and avoid to create specific ones...
And I don't see "management" in my kibana view, so I think I don't have (admin ?) rights to do this.

Is there a solution, only with visualization and playing with data / buckets ?

Vincent

unfortunately none that i am aware of.

thanks for having tried

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.