How to search text existence in Kibana using filter

Hi,

I have text in data.msg : "Generate Settlement Response SettlementResponseVO(settlementId=c540a785-6e0f-4e3f-aad9-8c92ef9d2511, locationId=6d86595c-7c44-4f8f-9b65-6826a27dc2fd, accountId=5055822b-c8f4-42fd-ba8c-c40be6dedce1, amount=0.0000, settlementDate=2019-04-01T07:11:03.045)"

But I know the id "c540a785-6e0f-4e3f-aad9-8c92ef9d2511", which exists in the text, and there are 50 lakh logs in Kibana. So please help me with how to search for data.msg entries having only the "c540a785-6e0f-4e3f-aad9-8c92ef9d2511" id.

I think you want to parse the data.msg field into separate fields at ingest. How are you ingesting your logs into Elasticsearch?

With Logstash, you could use the Grok filter to parse your string into different keywords. So your resulting document in Elasticsearch might look like

{ 
  "settlementid": "c540a785-6e0f-4e3f-aad9-8c92ef9d2511",
  "locationid": "6d86595c-7c44-4f8f-9b65-6826a27dc2fd",
  "accountId": "5055822b-c8f4-42fd-ba8c-c40be6dedce1",
  "amount": 0.00,
  "settlementdate": "2019/04/01 11:03:45"
}

Then you can easily create a filter in Kibana on the settlementid field.
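
The Grok approach suggested in the reply above, written out as a Logstash filter. This is an added example, not part of the original thread; it assumes the message sits in a nested field `[data][msg]`, reuses the field names from the sample document above, and the failure tag name is made up for illustration.

```logstash
filter {
  grok {
    # Assumption: the log line is stored in the nested field [data][msg].
    # If your field is literally named "data.msg", use that string as the key.
    # The pattern is unanchored, so the "Generate Settlement Response " prefix
    # is skipped; the literal parentheses around the field list are escaped.
    match => {
      "[data][msg]" => "SettlementResponseVO\(settlementId=%{UUID:settlementid}, locationId=%{UUID:locationid}, accountId=%{UUID:accountId}, amount=%{NUMBER:amount:float}, settlementDate=%{TIMESTAMP_ISO8601:settlementdate}\)"
    }
    # Hypothetical tag name: events whose message does not match keep flowing
    # through the pipeline but can be found later by filtering on this tag.
    tag_on_failure => ["_settlement_grok_failure"]
  }

  date {
    # Turn the extracted string (e.g. 2019-04-01T07:11:03.045) into a real
    # date value. The source string carries no time zone, so Logstash
    # interprets it in the host's zone unless the "timezone" option is set.
    match  => ["settlementdate", "ISO8601"]
    target => "settlementdate"
  }
}
```

Once events are indexed with these fields, the Kibana query `settlementid : "c540a785-6e0f-4e3f-aad9-8c92ef9d2511"` matches only that settlement. Documents that were indexed before the filter was added do not gain the new fields until they are reindexed.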
