Hey guys,
i play a bit with the Elastic Stack and i try to visualize some log files.
i allready read so many topics how to filter these files, but i didn't get a solution, hopefully i can get some help here 
File .log file looks like this:
{
level: 'info',
message: 'Updating status for user: 8b57ec08-08df-47d3-80b6-de203b9ed314',
timestamp: '2021-05-18 14:01:33'
}
{
level: 'debug',
message: 'Detecting stale user status entries in database...30 min',
timestamp: '2021-05-18 14:01:33'
}
{
level: 'error',
message: 'Updating status for user: 8b57ec08-08df-47d3-80b6-de203b9ed314',
timestamp: '2021-05-18 14:02:13'
}
My logstash.conf file:
input {
file {
codec => multiline {
pattern => "{"
negate => "true"
what => "next"
}
path => "/usr/share/logstash/data/file.log"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
grok {
match => {
"message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}"
}
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => "elastic"
password => "changeme"
ecs_compatibility => disabled
index => "%{[host]}-%{+YYYY.MM.dd}"
}
}
Elasticsearch import the the file and all information are in the message field. I would like to extract the message field in the field "level", "message" and "timestamp" that i can select which one i would like see in the Dashboard. Since 1 week i try this and i and already tried out with dissect and mutate, but nothing works for me.
Please help me!
Thank you!