How to extract a field from message and create a visualization?

friscos · January 17, 2019, 1:22am

Hi,

I would like to extract a responsetime from message and create a visualization for the response time. How do i do that?

Here is how my message looks like:

{
"_index": "test",
"_type": "logs",
"_id": "pTylV93",
"_version": 1,
"_score": null,
"_source": {
"application-name": "test",
"@timestamp": "2019-01-17T01:10:55.297Z",
"level": "INFO",
"logger": null,
"@version": "1",
"message": "{ "Service":"ABC", "abcresponsetime":158,"Service":"XYZ","xyzresponsetime":340}",
"loggerName": "test",
"timestamp": "2019-01-17T01:10:54.842+00:00",
"unknownFields": {
"loggerName": "test"
}
},
"fields": {
"@timestamp": [
1547687455297
],
"timestamp": [
1547687454842
]
},
"sort": [
1547687454842
]
}

I am interested in creating the visualization for xyzresponsetime. Please advise.

Christian_Dahlqvist · January 17, 2019, 6:26am

This is something you should do before indexing your data into Elasticsearch, e.g. using Logstash or an ingest node pipeline. Trying to parse this out at query time will be expensive, slow and most likely not scale well.

system · February 14, 2019, 6:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.