Kibana visualization with correct text

Elastic Stack Kibana
1

Hi ,
I am collection SystemOut logs using Logstash and creating individual index and trying to see the systemOut message in Kibana but it is showing in json format and also showing some extra mesg. I want to see only "message" in kibana same like original SystemOut.log file .Below is my out put in kibana.

{
"_index": "10.101.11.40_dmgr1_2017.07.19",
"_type": "websphere",
"_id": "AV1cp2O4D7Q6twqsFtpj",
"_version": 1,
"_score": null,
"_source": {
"path": "/was/AppServer/profiles/Dmgr01/logs/dmgr/SystemOut.log",
"@timestamp": "2017-07-19T21:01:00.229Z",
"@version": "1",
"host": "0.0.0.0",
"message": "\tat com.ibm.ws.security.core.distSecurityComponentImpl.initializeSecurityConfig(distSecurityComponentImpl.java:1263)",
"type": "websphere"
},
"fields": {
"@timestamp": [
1500498060229
]
},
"sort": [
1500498060229
]
}

I am expecting to see only :
"message": "\tat com.ibm.ws.security.core.distSecurityComponentImpl.initializeSecurityConfig(distSecurityComponentImpl.java:1263)",

2

That JSON looks normal for a document in Elasticsearch as seen from a search result. When you search for data, you are going to get back the JSON representation of the data.

If you want to just see the message field, then look at the index pattern for this data in Discover, and click the "add" link next to the message field. Then you'd get something like this:

It looks to me like you're trying to view the data by searching in Dev Tools > Console. (If you're not, let me know where you're seeing this JSON). You can write a search that filters for the message field by using a search like:

GET /logstash-2017.07.07/_search?filter_path=hits.hits._source.message
{
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
  "query": {
    "match_all": {}
  }
}
3

thanks for responding . i added the fileter but still showing other value including messgae .

4

You added _source as a column. Try removing that one, and adding message

5

Thanks for your support,it is working now as i expected .

Thanks
Kumar

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.