Make Readable message in kibana

Bhavin_Varsur · October 8, 2020, 11:17am

In the above picture you can see message,timestamp and fields which is added by grok pattern.
with use grok pattern take value from message and added into fields(set names in grok).
now in fields you can see values but in the message the values also here and it doesn't make any sense .
I want see in message field only message of log.

for more detail here is my grok pattern :

filter{
        if [fields][log_type] == "gbase"
	    {
	         if [level] in [ "Error", "Fatal" ] 
	         {
			     grok { match=> ["message","%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{URI:requestUrl} %{USER:method} %{IPV4:clientIp} %{GREEDYDATA:message}"]}
	         }
		     else
		     {
			      grok { match=> ["message","%{DATESTAMP:timestamp} %{WORD:processId} %{LOGLEVEL:level} %{USERNAME:logger} %{USER:user} %{IPV4:clientIp} %{GREEDYDATA:message}" ]}
		     }
		
	   }
}

How can I make this ?

system · November 5, 2020, 11:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter. How do I break up the message information? Logstash	4	1323	January 18, 2018
Message contains full log line Logstash	3	844	September 28, 2018
Logstash - Add fields from the log fields property - Grok Logstash	3	2516	January 31, 2017
Fields in messages Logstash	4	1522	February 23, 2018
Logstash Grok problem Logstash	1	345	January 2, 2020

Make Readable message in kibana

Related topics