Having numbered columns like in your example can sometimes make the data hard to analyse and plot. If you instead wanted to break each action into a separate event you could do something like this:
input {
generator {
lines => ['2018259000076;0498;Creacion;2018-09-16 15:24:15;baseuser;Tienda;2018-09-16 15:24:15;MLPARRAF;Capturista;2018-09-16 15:43:07;',
'2018301000689;0535;Creacion;2018-10-28 14:55:34;baseuser;Tienda;2018-10-28 14:55:34;AJMARESR;Capturista;2018-10-28 14:57:48;ZVLOPEZS;Tienda;2018-10-28 14:59:42;MFLORESO01;Capturista;2018-10-28 15:37:58;CHVAZQUEZA;Tienda;2018-10-28 17:13:21;MFLORESO01;Capturista;2018-10-28 17:45:21;AYHEREDIAH;Tienda;2018-10-28 17:47:04;MFLORESO01;Capturista;2018-10-28 18:46:13;PBRITOA;Tienda;2018-10-28 18:49:13;KCOETOM;Capturista;2018-10-28 20:47:02;AJCRUZR;Tienda;2018-10-28 20:48:02;MEHERNANDR01;Capturista;2018-11-12 18:42:44;METENAR;Tienda;2018-11-14 09:13:00;SOSANCHEZN;Capturista;2018-11-18 12:27:20;ZVLOPEZS;Tienda;2018-11-18 12:31:21;']
count => 1
}
}
filter {
dissect {
mapping => {"message" => "%{reason};%{store};%{actions}"}
}
mutate {
gsub => ["actions", ";Tienda", "|Tienda", "actions", ";Creacion", "|Creacion", "actions", ";Capturista", "|Capturista"]
}
split {
field => "actions"
terminator => "|"
remove_field => ["message"]
}
csv {
source => "actions"
separator => ";"
columns => ["action", "action_date", "action_user"]
remove_field => ["actions"]
}
}
output {
stdout { codec => rubydebug }
}