I need to split the message term field into different terms

DRDL · February 21, 2018, 11:57am

I need the switch logs to be displayed separately like in the image the whole message field is combined . can i split that message into different fields ?

example:

message : the exact message looks like this :
10.41.0.3 Feb 21 17:06:14 local7 notice 974 Feb 21 17:10:25.394: %SYS-5-CONFIG_I: Configured from console by vty1 (10.41.0.244)

I need to customise it to something like this.

message : Configured from console by vty1 (10.41.0.244)
Ip address: 10.41.0.3
timestamp : Feb 21 17:06:14
facility:local7
priority: info,notice etc

i am using file beat as an agent to ship logs

Christian_Dahlqvist · February 21, 2018, 12:01pm

You can parse your log messages either in Logstash or through an ingest node pipeline in Elasticsearch. This blog post compares these two options and provides a discussion around pros and cons.

DRDL · February 21, 2018, 12:12pm

thank you for the quick response i will get back to you after checking

system · March 21, 2018, 12:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest pipeline split MESSAGE field into multiple fields Kibana	7	1963	August 2, 2022
Splitting message log Logstash	4	1206	March 25, 2022
Kafka input kibana message one field Logstash	3	309	March 3, 2022
How to Split Message Field with Exchange LOG Information Kibana	3	1407	April 30, 2019
Split data in message field to separate fields to display in kibana Logstash	1	991	May 1, 2020

I need to split the message term field into different terms

Related topics