How to filter a line in field

Hello,

In my case, one of the fields has the following text:

(connectionIP =RDP) To login [from 08/08/2019 5:30 AM to 09/08/2019 4:00 PM (GMT+8.00) multiple operations].

Can anyone help me to filter in between, please?

The idea is to calculate the duration of the active session, which is highlighted within the [brackets].

You have not mentioned whether you are using any tool for ingestion that could do this. You could use Elasticsearch for this, by using a dissect/grok processor to split the string into several pieces, then use a script processor to calculate the duration.

--Alex

Thanks for your quick response @spinscale.

I am very new to ELK patterns. I've attached sample data. Can you help me to get the grok pattern, please? I tried, but it is not working.

Sample log : "S12345 Selva July Server access for ELK [From 5/08/2019 10:00:00 AM to 10:00:00 PM (GMT+8.00) multiple operations]".

Expected solution: a separate field for logged hours = 12 hours or 720 minutes.
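An added example, not from this thread: a grok pattern for the bracketed span, expanded into a Python regex so it can be checked offline against both sample lines, followed by the duration arithmetic that a script processor would do. It assumes day/month/year dates, a single GMT offset shared by both timestamps, and that an end time written without a date falls on the start's date (rolling to the next day if it is earlier than the start).

```python
import re
from datetime import datetime, timedelta

# Grok pattern as it would be written in an ingest pipeline grok processor (constructed for this thread).
GROK = r"\[[Ff]rom %{DATA:start} to %{DATA:end} \(GMT%{DATA:tz}\)"

# Minimal expansion of the grok macros used above; grok's DATA is a non-greedy ".*?".
GROK_LIB = {"DATA": r".*?"}

def grok_to_regex(pattern):
    """Rewrite %{NAME:field} macros into Python named groups so the pattern can be tested locally."""
    return re.sub(r"%\{(\w+):(\w+)\}",
                  lambda m: f"(?P<{m.group(2)}>{GROK_LIB[m.group(1)]})", pattern)

# Assumed timestamp layouts (day/month/year); the last two carry no date.
FORMATS = ["%d/%m/%Y %I:%M:%S %p", "%d/%m/%Y %I:%M %p", "%I:%M:%S %p", "%I:%M %p"]

def parse_time(text, same_day_as=None):
    """Parse one side of the span; a date-less time borrows the date of same_day_as (assumption)."""
    for fmt in FORMATS:
        try:
            t = datetime.strptime(text.strip(), fmt)
        except ValueError:
            continue
        if "%d" not in fmt:
            if same_day_as is None:
                raise ValueError("end time has no date and no start time to borrow it from")
            t = t.replace(year=same_day_as.year, month=same_day_as.month, day=same_day_as.day)
        return t
    raise ValueError(f"unrecognised timestamp: {text!r}")

def session_minutes(line):
    """Return the bracketed session length in whole minutes, or None if the pattern does not match."""
    m = re.search(grok_to_regex(GROK), line)
    if not m:
        return None
    start = parse_time(m.group("start"))
    end = parse_time(m.group("end"), same_day_as=start)
    if end < start:  # date-less end time that passed midnight
        end += timedelta(days=1)
    return int((end - start).total_seconds() // 60)

if __name__ == "__main__":
    sample = 'S12345 Selva July Server access for ELK [From 5/08/2019 10:00:00 AM to 10:00:00 PM (GMT+8.00) multiple operations]'
    print(session_minutes(sample))  # 720
```

In the real pipeline the same arithmetic goes into a Painless script processor reading the grok-extracted fields; the Python here only validates the pattern and the expected 720 minutes before deploying it.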
