Kibana visualization with correct text

P_Kumar · July 19, 2017, 10:05pm

Hi ,
I am collection SystemOut logs using Logstash and creating individual index and trying to see the systemOut message in Kibana but it is showing in json format and also showing some extra mesg. I want to see only "message" in kibana same like original SystemOut.log file .Below is my out put in kibana.

{
"_index": "10.101.11.40_dmgr1_2017.07.19",
"_type": "websphere",
"_id": "AV1cp2O4D7Q6twqsFtpj",
"_version": 1,
"_score": null,
"_source": {
"path": "/was/AppServer/profiles/Dmgr01/logs/dmgr/SystemOut.log",
"@timestamp": "2017-07-19T21:01:00.229Z",
"@version": "1",
"host": "0.0.0.0",
"message": "\tat com.ibm.ws.security.core.distSecurityComponentImpl.initializeSecurityConfig(distSecurityComponentImpl.java:1263)",
"type": "websphere"
},
"fields": {
"@timestamp": [
1500498060229
]
},
"sort": [
1500498060229
]
}

I am expecting to see only :
"message": "\tat com.ibm.ws.security.core.distSecurityComponentImpl.initializeSecurityConfig(distSecurityComponentImpl.java:1263)",

tsullivan · July 19, 2017, 11:34pm

That JSON looks normal for a document in Elasticsearch as seen from a search result. When you search for data, you are going to get back the JSON representation of the data.

If you want to just see the message field, then look at the index pattern for this data in Discover, and click the "add" link next to the message field. Then you'd get something like this:

It looks to me like you're trying to view the data by searching in Dev Tools > Console. (If you're not, let me know where you're seeing this JSON). You can write a search that filters for the message field by using a search like:

GET /logstash-2017.07.07/_search?filter_path=hits.hits._source.message
{
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
  "query": {
    "match_all": {}
  }
}

P_Kumar · July 19, 2017, 11:52pm

thanks for responding . i added the fileter but still showing other value including messgae .

tsullivan · July 20, 2017, 12:03am

You added _source as a column. Try removing that one, and adding message

P_Kumar · July 20, 2017, 12:24am

Thanks for your support,it is working now as i expected .

Thanks
Kumar

system · August 17, 2017, 12:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.