I need to split the message term field into different terms

DRDL · February 21, 2018, 11:57am

I need the switch logs to be displayed separately like in the image the whole message field is combined . can i split that message into different fields ?

example:

message : the exact message looks like this :
10.41.0.3 Feb 21 17:06:14 local7 notice 974 Feb 21 17:10:25.394: %SYS-5-CONFIG_I: Configured from console by vty1 (10.41.0.244)

I need to customise it to something like this.

message : Configured from console by vty1 (10.41.0.244)
Ip address: 10.41.0.3
timestamp : Feb 21 17:06:14
facility:local7
priority: info,notice etc

i am using file beat as an agent to ship logs

Christian_Dahlqvist · February 21, 2018, 12:01pm

You can parse your log messages either in Logstash or through an ingest node pipeline in Elasticsearch. This blog post compares these two options and provides a discussion around pros and cons.

DRDL · February 21, 2018, 12:12pm

thank you for the quick response i will get back to you after checking

Topic		Replies	Views
Splitting message log Logstash	4	1376	March 25, 2022
Split Log Message That harvested by filebeat Elasticsearch	2	1851	December 12, 2018
Log4j in integration with logstash Logstash	5	948	July 6, 2017
How can I split up my message log lines in separate tabs/fields? Beats filebeat	2	2004	July 16, 2020
Kibana Message Parse Kibana kql-kibana-query-language	11	1463	September 4, 2023

I need to split the message term field into different terms

Related topics