Is it possible to split discovery message field?

Elasticsearch version 5.5.1
kibana version 5.5.1
Logstash version 5.5.1
Beats version 5.5.1

my message field:

message:[INFO ] Status => SENT | client : [IPDC] | cell : [1746710009] | message-delivery-time : [2017-08-07 09:46:27,807] | Operator: [ROBI]

I would like to split according to Status, Client, Operator and message-delivery-time.
I wish any expert will help me.
Thanks

You could use scripted fields to do this at query time using regular expressions, or string manipulation, but that will not be efficient and will be pretty brittle. The correct way to do it would be with a tool like Logstash, which would split the string up before writing the message to Elasticsearch. Then Kibana would be able to fully utilize the values in there, and things like dates, numbers, etc. would be typed correctly and searchable/filterable/aggregatable.

my logstash.conf

filter {
  mutate {
    remove_field => [ "type", "tags", "input_type", "@version", "beat", "offset" ]
  }
}

my discovery logs format:

@timestamp:August 8th 2017, 13:45:54.424 host:vNTDACLSnTALK01 source:/home/local/group/nazdaq/logs/naztech.log message:[INFO ] Status => SENT | client : [MTB] | cell : [1746710009] | message-delivery-time : [2017-08-07 09:46:27,807] | Operator: [GP]

Available field:
@timestamp
message
host message
source

I need available field:
@timestamp
message
host message
source
status
client
operator

What can I do? Please anybody help me.
thanks
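Added example, not the answer author's or the original poster's configuration: a Logstash filter that does what the answer above recommends, splitting the sample message line quoted in both posts into the separate fields the follow-up asks for (status, client, operator, message-delivery-time, plus cell) before the event is written to Elasticsearch. The grok pattern and the target field names are my assumptions derived from the one sample line on this page; the `date` format string assumes the delivery time is always written as `yyyy-MM-dd HH:mm:ss,SSS`, and the poster's own `remove_field` list is kept except for `tags`, which would otherwise also delete the `_grokparsefailure` tag that tells you when a line did not match.

```logstash
filter {
  # Parse the application line into typed fields. Pattern assumed from the
  # sample message; adjust if other log lines use a different layout.
  # Example input (constructed from the post):
  # [INFO ] Status => SENT | client : [IPDC] | cell : [1746710009] | message-delivery-time : [2017-08-07 09:46:27,807] | Operator: [ROBI]
  grok {
    match => {
      "message" => "\[%{LOGLEVEL:loglevel}\s*\] Status => %{WORD:status} \| client : \[%{DATA:client}\] \| cell : \[%{NUMBER:cell}\] \| message-delivery-time : \[%{TIMESTAMP_ISO8601:message_delivery_time}\] \| Operator: \[%{DATA:operator}\]"
    }
    # Default tag on a non-matching line; kept so failures stay visible.
    tag_on_failure => [ "_grokparsefailure" ]
  }

  # Only when the line matched: turn the delivery time into a real date so
  # Kibana can filter and aggregate on it, and make cell numeric.
  if "_grokparsefailure" not in [tags] {
    date {
      match  => [ "message_delivery_time", "yyyy-MM-dd HH:mm:ss,SSS" ]
      target => "message_delivery_time"
    }
    mutate {
      convert => { "cell" => "integer" }
    }
  }

  # Same clean-up as the poster's config, but "tags" is left in place so a
  # search for tags:_grokparsefailure in Kibana shows unparsed lines.
  mutate {
    remove_field => [ "type", "input_type", "@version", "beat", "offset" ]
  }
}
```

The resulting document carries `status`, `client`, `cell`, `message_delivery_time` and `operator` as separate fields next to the original `message`, which is what the "I need available field" list above asks for. Before relying on it, check the index mapping: if the index already exists with `message_delivery_time` mapped as text, the date type only takes effect on a new index or after updating the template.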
