Kibana data table Split row on String with pipe seperator

Hello,

I just started working with Kibana and I am just learning the ropes.
I have log messages in a data table, and I want to see the ones that occur the most.
There are key values in the messages that differ sometimes so they mess up the results when using the complete error message.
They are structured a bit like this.
"Couldn't find the last element | id=123 | version=2.0"

What I would like to do is have the aggregation on the Terms, but not on the full message but only on the first part. So from start to |

Could any of you help me with this?

Kibana is not meant for doing this kind of data processing, although there are options. In general, if you are trying to create structured data from logs I would recommend using an ingest pipeline. For example, you could set up a pipeline that splits on the pipe character using the split processor.

Your other options are:

• Use a scripted aggregation where you write a script to split the strings
• Use a Vega visualization which allows full control of the Elasticsearch query and has post-processing options
• Create a continuous data frame transformation