You could use scripted fields to do this at query time using regular expressions, or string manipulation, but that will not be efficient and will be pretty brittle. The correct way to do it would be with a tool like Logstash, which would split the string up before writing the message to Elasticsearch. Then Kibana would be able to fully utilize the values in there, and things like dates, numbers, etc, would be typed correctly and searchable/filterable/aggregatable