How to extract a single word from keyword in order to put in cloud tags

Francesco_De_Nardi · January 8, 2019, 3:58pm

Do you think it's possible to extract a single word from keyword message?

for example I have this field

@message "type=USER_AUTH msg=audit(154126859238.015:964219353): pid=272523 uid=0 auid=42943967295 ses=41"
and i would to extract just this word "pid=272523 " and put in tag cloud

Thankls

Nathan_Reese · January 9, 2019, 1:09am

I would recommend breaking the message field out into individual fields during insertion to elasticsearch so your documents would look like

{
  pid: 272523,
  uid: 0,
  type: USER_AUTH
}

Then you can create a tag cloud aggregation on the pid field.

system · February 6, 2019, 1:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Word Cloud on Text Field Kibana	11	6455	October 30, 2020
Creating a Tag Cloud Kibana	4	785	November 30, 2023
.keyword field not working & how can i split sentence? Kibana	3	851	August 27, 2018
I need a very important help “tag cloud” Logstash	1	269	February 1, 2019
Unique count on field, not on field.keyword Kibana	3	2802	October 21, 2019

How to extract a single word from keyword in order to put in cloud tags

Related topics