Hi,
the last part of my messages looks like these:
Beginn Bürgerliche Dämmerung HH:MM:SS,05:56:19
Zustand: Vor Ende Dämmerung,0
Ende Nautische Dämmerung HH:MM:SS,19:39:04
Windgeschwindigkeit km/h,1.1
Beginn Bürgerliche Dämmerung HH:MM:SS,05:56:19
Tag (0) / Nacht (1) anhand Nautischer Dämmerung,1
Zustand: Nach Beginn Dämmerung,1
The delimiter is the comma, but I don't find a pattern to match anything until the comma.
I tried using a regex for that,:
Beginn Bürgerliche Dämmerung HH:MM:SS,05:56:19
should be matched by:
(?<KNX-Item>[^\,]*),%{NOTSPACE:KNX-Value}
But I don't see these Fields in Kibana.
I am not sure what you want to express the data in Kibana or from your front-end application but from my experience I would suggest two approaches .
Approach A
(This plan will have each line as separate timeseries event )
If you want to process the section as per line base , then use combination with csv filter and grok filter.
Approach B
(This plan will parse data from the section into per timeseries event.)
If you want to process the section as a whole, then use combination with multiline codec and grok filter.
Try (?<KNX-Item>%{DATA}),%{NOTSPACE:KNX-Value}
The CSV plugin did the trick. Thanks a lot, I was totally focussed on grok.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.