I got a file I want to import into Kibana using elasticsearch but in one of the fields it uses "" how can i remove them?
Roedolf
Can you clarify what you mean? It sounds like you haven't indexed the data into Elasticsearch yet, so you can simply check for the empty value and remove the field before sending the document into Elasticsearch.
I have made a grok pattern for dev tools incl fields, bur when i run a test script it comes up with an error that there is an unexpected character " which contains a part of the data i want to see in the fields ive made
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "Failed to parse content to map"
}
],
"type": "parse_exception",
"reason": "Failed to parse content to map",
"caused_by": {
"type": "json_parse_exception",
"reason": "Unexpected character ('N' (code 78)): was expecting comma to separate Object entries\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@452d63ce; line: 5, column: 72]"
}
},
"status": 400
}
this is what the error message looks like
Could you give an example of the data and the grok pattern?
THe Grok pattern i am using is:
PUT _ingest/pipeline/jmeter
{
"description": "Ingest pipeline for JMeter Logs",
"processors": [
{
"grok": {
"field": "message",
"patterns": [
"%{DATA:Datetime},%{DATA:Elapsed},%{DATA:label},%{DATA:ResponseCode},%{DATA:responseMessage},%{DATA:ThreadName},%{DATA:DataType},%{DATA:Success},%{DATA:FailureMessage},%{DATA:Bytes},%{DATA:SentBytes},%{DATA:GRPThreads},%{DATA:AllThreads},%{DATA:URL},%{DATA:Latency},%{DATA:IdleTime},%{GREEDYDATA:Connect}"
and the data is as follows:
"24/03/2018 16:03,18325,Login and load portal,200,"Number of samples in transaction : 67 number of failing samples : 0" ,Loadtest PatientPortal 1-1,,TRUE,,1017426,118940,1,1,null,16881,297,3014"
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.