How to get a specific value of a string in the log and build a vertical graph with it

Hello everyone, I'm a new user of the ELK stack, and I'm having some difficulty building a vertical graph in Kibana.

I need to build a graph that shows a specific value from a string; this value may vary from time to time.

This is an RTSP log. I need to catch the value in "Current session count: 237" and then build a vertical graph with it. The problem is that when I filter the log by message, the graph shows me the number of times this message appears in the log.

Could you please help me with this question?

Thanks in advance

2019-01-01 01:13:05.008586 UTC SPOCBESTR01 ClientSession.cc|1417|1551207312|Wrote rtsp session to the CServer with opcode 4 for session: 144323045

2019-01-01 01:13:05.008807 UTC SPOCBESTR01 VooSession.cc|838|1551207312|Message:

Session: 147992935

2019-01-01 01:13:05.772835 UTC SPOCBESTR01 RTSPMsgHandler.cc|782|1488169872|Current session count: 237

2019-01-01 01:13:05.008666 UTC SPOCBESTR01 ClientSession.cc|1168|1551207312|Adding rtsp session to the database with db opcode 4 for session: 144323045

2019-01-01 01:13:05.008842 UTC SPOCBESTR01 VooSession.cc|848|1551207312|Successfully sent message to STB for the Session 144323045

2019-01-01 01:13:05.773432 UTC SPOCBESTR01 ClientSession.cc|1534|1488169872|Callback id 4897 valid for session 147992935

2019-01-01 01:13:05.008706 UTC SPOCBESTR01 ClientSession.cc|1519|1551207312|Adding rtsp annex to the database with db opcode: 4 for session: 144323045

Session: 144323045

2019-01-01 01:13:05.772896 UTC SPOCBESTR01 RTSPMsgHandler.cc|1081|1488169872|Found session for message type : 2:147992935

2019-01-01 01:13:05.957379 UTC SPOCBESTR01 RTSPMsgHandler.cc|1293|1473461136|FOUND session object for the model message

2019-01-01 01:13:06.278062 UTC SPOCBESTR01 RTSPResponseListener.cc|122|1532296080|Response Message Processing for the Session Id 147992935

2019-01-01 01:13:05.773967 UTC SPOCBESTR01 ClientSession.cc|738|1488169872|Adding callback id 4897 for fast forward, Session 147992935

Session Id: 147992935

2019-01-01 01:13:06.285998 UTC SPOCBESTR01 ClientSession.cc|1417|1532296080|Wrote rtsp session to the CServer with opcode 4 for session: 147992935

2019-01-01 01:13:06.286102 UTC SPOCBESTR01 ClientSession.cc|1519|1532296080|Adding rtsp annex to the database with db opcode: 4 for session: 147992935

2019-01-01 01:13:06.286230 UTC SPOCBESTR01 VooSession.cc|848|1532296080|Successfully sent message to STB for the Session 147992935

2019-01-01 01:13:06.278847 UTC SPOCBESTR01 ClientSession.cc|1189|1532296080|Adding Opaque data from Cserver 4 for session: 147992935 RTSPOpaque_size : 7068

2019-01-01 01:13:06.286196 UTC SPOCBESTR01 VooSession.cc|838|1532296080|Message:

2019-01-08 18:00:34.106

Session: 147992935

RTSP Session Handle 635624817410356469

2019-01-01 01:13:06.286062 UTC SPOCBESTR01 ClientSession.cc|1168|1532296080|Adding rtsp session to the database with db opcode 4 for session: 147992935

Session: 147992935

How are you ingesting this data? What does the index mapping look like in Elasticsearch?

Hi Bill, I'm ingesting this data from a static file for evaluation purposes, so I get the log file from the server and put it on the Elasticsearch server. I don't know if I understood you on the matter of index mapping, but when I tried to explore this log in the Discover tab in Kibana, I did it this way:

host.name : "SPOMBILNX06" and source : "/var/log/rtsp.log" and message Current session count

Thanks for your help.

How specifically are you doing this? Are you using logstash? Are you posting the entire logfile as a single document?

Are you using logstash? I'm not using Logstash; actually I'm using Filebeat to get this log from the /var/log directory and then send the logs to Elasticsearch.

Are you posting the entire logfile as a single document? Yes, I'm getting the entire logfile as a single document.
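The thread's sample log broken into one event per timestamped line, with the session count pulled out as an integer that can be averaged or maxed instead of counted. This is an added example, not code from any poster or from Elastic; the field names, function names and the last sample line are assumptions.

```python
import re
from datetime import datetime, timezone

# Header layout seen in the thread's sample:
# "<date> <time> UTC <host> <file>|<line>|<thread id>|<message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) UTC "
    r"(?P<host>\S+) (?P<src>[^|\s]+)\|(?P<line>\d+)\|(?P<tid>\d+)\|(?P<msg>.*)$"
)
COUNT_RE = re.compile(r"^Current session count: (?P<n>\d+)$")

# First four lines are copied from the thread; the last line is constructed.
SAMPLE = """\
2019-01-01 01:13:05.008586 UTC SPOCBESTR01 ClientSession.cc|1417|1551207312|Wrote rtsp session to the CServer with opcode 4 for session: 144323045
2019-01-01 01:13:05.008807 UTC SPOCBESTR01 VooSession.cc|838|1551207312|Message:
Session: 147992935
2019-01-01 01:13:05.772835 UTC SPOCBESTR01 RTSPMsgHandler.cc|782|1488169872|Current session count: 237
2019-01-01 01:14:05.100000 UTC SPOCBESTR01 RTSPMsgHandler.cc|782|1488169872|Current session count: 241
"""

def parse_events(text):
    """Split a whole log file into one dict per timestamped line.
    Lines without the header (e.g. "Session: 147992935") are treated as
    continuations and appended to the previous event's message."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            if events:  # continuation of a multi-line message
                events[-1]["message"] += "\n" + line
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
        events.append({"@timestamp": ts.isoformat(), "host": m["host"],
                       "source_file": m["src"], "message": m["msg"]})
    return events

def session_counts(events):
    """Return (timestamp, count) pairs, count as int, ordered by time."""
    out = []
    for ev in events:
        m = COUNT_RE.match(ev["message"].split("\n", 1)[0])
        if m:
            out.append((ev["@timestamp"], int(m["n"])))
    return sorted(out)

if __name__ == "__main__":
    print(session_counts(parse_events(SAMPLE)))
```
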
