How to do conditional indexing - extracting fields?

Been reading lots of docs and looking at examples. I expect I just don't understand enough terminology yet. But here is what I want to do.

I am exporting a JBoss log through logstash.
ES gets the body of the JBoss message in "message" field.
I would like to break that message field down into smaller fields in different ways depending on the contents of the JBoss message.

If the JBoss log has the word "Fred" in it, then extract a, b, and c.
If the JBoss log has the word "Barney" in it, extract x, y, and z.

What is the general approach for doing this sort of thing?
What are the "magic" searchable words I should use to find info on this topic?

