Hi. We are sending our application logs directly to elasticsearch and visualizing them in some graphs. But some log messages are about the same thing, just some parts are different. So we need to group this messages by the file and line from where they were sent. Assuming all the fields are properly sent to the elasticsearch, how can we do this grouping?
This question is the same as in Kibana Terms panel: How to group similar values
I believe a filters aggregation with a regexp filter will get you what you are looking for:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html (even though examples here show use in query, this should also work in a filter context)
I tried this on my end- may be it can help you- I have filebeat data which has some messages that include words like disconnecting and disconnected and maybe some other variations.
So I created a new horizontal bar graph visualization and selected the Filters aggregation.
Then I created several filters. Each filter is a query and you can use wildcards, AND OR, etc.
Hope this helps
Rashmi
Hi, thank you for the reply. I've stumbled upon this feature but I cannot anticipate which messages I will get. I need to group the messages by some other field or group of fields, like the field which stores the file and line from where the message came from.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
