Logstash-Elapsed Filter


(Sudharsan Ganesh) #1

The user name is not coming through; it's coming as %{usr} when viewed in Kibana. Here George is the username. Please let me know what I should do. My requirement is to display jobid, elapsedtime and username in Kibana. Thanks in advance!

Log:

2018-09-27 09:27:18,615 71e02f2f-32d5-9509-870a-f80e54dc8775 George Started
2018-09-27 09:29:14,615 71e02f2f-32d5-9509-870a-f80e54dc8775 George Complete

filter {
  grok {
    match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{UUID:messageId} %{USERNAME:usr} %{WORD:event}"]
    add_tag => [ "%{event}" ]
  }
  date {
    match => [ "timestamp", "ISO8601" ]
  }

  elapsed {
    unique_id_field => "messageId"
    start_tag => "Started"
    end_tag => "Complete"
    new_event_on_match => true
    add_tag => ["%{messageId}"]
    add_field => { "User" => "%{usr}" }
  }

  if "%{messageId}" in [tags] {
    aggregate {
      task_id => "%{messageId}"
      code => "map['report'] = [(event['elapsed_time']*1000).to_i]"
      map_action => "create"
      add_field => { "User" => "%{usr}" }
    }
  }
}
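The symptom described in the post, reproduced in a simplified Ruby model. This is an added example, not part of the original post and not the plugin's source. The helpers `parse`, `interpolate`, `elapsed` and `report` are hypothetical, and the model assumes that with `new_event_on_match => true` the new event carries only the id and the elapsed fields, so `%{usr}` has nothing to resolve against.

```ruby
require 'time'
# Constructed sample input: the two log lines quoted in the post.
LINES = [
  '2018-09-27 09:27:18,615 71e02f2f-32d5-9509-870a-f80e54dc8775 George Started',
  '2018-09-27 09:29:14,615 71e02f2f-32d5-9509-870a-f80e54dc8775 George Complete'
].freeze

# Hypothetical stand-in for the grok and date stages of the posted pipeline.
def parse(line)
  date, clock, id, usr, tag = line.split(' ')
  { 'timestamp' => Time.strptime("#{date} #{clock}", '%Y-%m-%d %H:%M:%S,%L'),
    'messageId' => id, 'usr' => usr, 'tags' => [tag] }
end

# Model of %{field} interpolation: a reference to a missing field stays literal.
def interpolate(event, template)
  template.gsub(/%\{([^}]+)\}/) { event.key?($1) ? event[$1].to_s : $& }
end

# Model of the elapsed stage: pair Started/Complete by messageId, then apply
# add_field to whichever event receives the elapsed_time.
def elapsed(events, new_event_on_match:, add_field:)
  started, out = {}, []
  events.each do |ev|
    out << ev
    id = ev['messageId']
    if ev['tags'].include?('Started')
      started[id] = ev
    elsif ev['tags'].include?('Complete') && (first = started.delete(id))
      # Assumption: the new event starts with only the id and the elapsed tags.
      target = new_event_on_match ? { 'messageId' => id, 'tags' => [] } : ev
      out << target if new_event_on_match
      target['tags'] += %w[elapsed elapsed_match]
      target['elapsed_time'] = (ev['timestamp'] - first['timestamp']).round(3)
      add_field.each { |k, v| target[k] = interpolate(target, v) }
    end
  end
  out
end

# Returns the three fields the post wants to show in Kibana.
def report(new_event_on_match)
  events = elapsed(LINES.map { |l| parse(l) },
                   new_event_on_match: new_event_on_match,
                   add_field: { 'User' => '%{usr}' })
  events.find { |e| e['tags'].include?('elapsed_match') }
        .slice('messageId', 'elapsed_time', 'User')
end

[true, false].each { |mode| puts report(mode) }
```

In this model the `User` field resolves to `George` only when the elapsed fields are written onto the `Complete` event, which still has `usr` from grok.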


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.