I just started working with Kibana and I am just learning the ropes.
I have log messages in a data table, and I want to see the ones that occur the most.
There are key values in the messages that differ sometimes so they mess up the results when using the complete error message.
They are structured a bit like this.
"Couldn't find the last element | id=123 | version=2.0"
What I would like to do is have the aggregation on the Terms, but not on the full message but only on the first part. So from start to |
Kibana is not meant for doing this kind of data processing, although there are options. In general, if you are trying to create structured data from logs I would recommend using an ingest pipeline. For example, you could set up a pipeline that splits on the pipe character using the split processor.
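The pipeline suggested in the answer above, as an added example that is not part of the original thread: a request body for `POST _ingest/pipeline/_simulate` that splits `message` on the pipe character and keeps only the first part in a new field. The field names `message_parts` and `message_summary` are assumptions, and the two sample documents are constructed from the message format in the question.

```json
{
  "pipeline": {
    "description": "Added example, not from the original thread: keep the text before the first pipe in message_summary (hypothetical field name)",
    "processors": [
      {
        "split": {
          "field": "message",
          "separator": "\\s*\\|\\s*",
          "target_field": "message_parts"
        }
      },
      {
        "script": {
          "lang": "painless",
          "source": "ctx.message_summary = ctx.message_parts[0]"
        }
      },
      {
        "remove": {
          "field": "message_parts"
        }
      }
    ]
  },
  "docs": [
    { "_source": { "message": "Couldn't find the last element | id=123 | version=2.0" } },
    { "_source": { "message": "Couldn't find the last element | id=456 | version=2.1" } }
  ]
}
```

Both simulated documents come back with the same `message_summary` value, so a Terms aggregation on that field counts them together. With default dynamic mapping the aggregatable field is `message_summary.keyword`.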