I was trying to figure out how to extract a field from a set of log messages, and most of the answers online suggest that you should handle this upstream, by using dissect on filebeat or something like that.
What do I do if I have a ton of log messages that have already been ingested without dissect, and I want to analyze them?
This is not really a Kibana question, but you can define an ingest pipeline like shown here: https://www.elastic.co/guide/en/elasticsearch/reference/master/ingest.html
For extracting a field you can use the grok processor for example: https://www.elastic.co/guide/en/elasticsearch/reference/master/grok-processor.html
and then re-index your data through the pipeline: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.