I need to split the message term field into different terms

DRDL · February 21, 2018, 11:57am

I need the switch logs to be displayed separately like in the image the whole message field is combined . can i split that message into different fields ?

example:

message : the exact message looks like this :
10.41.0.3 Feb 21 17:06:14 local7 notice 974 Feb 21 17:10:25.394: %SYS-5-CONFIG_I: Configured from console by vty1 (10.41.0.244)

I need to customise it to something like this.

message : Configured from console by vty1 (10.41.0.244)
Ip address: 10.41.0.3
timestamp : Feb 21 17:06:14
facility:local7
priority: info,notice etc

i am using file beat as an agent to ship logs

Christian_Dahlqvist · February 21, 2018, 12:01pm

You can parse your log messages either in Logstash or through an ingest node pipeline in Elasticsearch. This blog post compares these two options and provides a discussion around pros and cons.

DRDL · February 21, 2018, 12:12pm

thank you for the quick response i will get back to you after checking

system · March 21, 2018, 12:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.