So, I need to change this message to columns, filter it with type=traffic, subtype=forward, and visualize it. Can anyone help me? Thank you.
so, I need to change this message to column
I don't understand.
and filter it with type=traffic, subtype=forward and visualize it.
Use a grok filter to separate "<189>" from the rest of the message. Feed the remainder ("date=2017-08-14" and onwards) to a kv filter.
I'm new to this, can you give me an example of a kv filter? I'm still confused about how to use the kv filter. Thank you.
The kv filter documentation contains a very simple example of how to parse exactly the kind of data you have. The only thing I'll add is that the filter defaults to parsing the contents of the message field. If you use a grok filter to separate <189> from the key=value pairs the latter might end up in a different field and then you'll have to use the kv filter's source option to select that field.
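The grok-then-kv approach described in the replies above, as an added example that is not part of the original thread. The field names `syslog_pri` and `kv_pairs` and the sample event are constructed for illustration; the original message is not shown on the page.

```logstash
# Added example, not code from the thread.
# Constructed sample event this filter block is written for:
#   <189>date=2017-08-14 time=10:15:32 type=traffic subtype=forward srcip=192.0.2.10 dstip=198.51.100.7 action=accept

filter {
  # Separate the leading "<189>" from the key=value payload.
  # syslog_pri and kv_pairs are illustrative field names.
  grok {
    match => { "message" => "^<%{NONNEGINT:syslog_pri}>%{GREEDYDATA:kv_pairs}" }
  }

  # kv reads the "message" field by default; "source" points it at the
  # field grok wrote instead. Each key becomes its own event field.
  kv {
    source      => "kv_pairs"
    field_split => " "
    value_split => "="
  }

  # Keep only the events the question asks for.
  if [type] != "traffic" or [subtype] != "forward" {
    drop { }
  }

  # The raw payload is redundant once it has been parsed.
  mutate {
    remove_field => ["kv_pairs"]
  }
}
```

If the input already sets a `type` field on events, the kv filter's `target` option can place the parsed keys under their own parent field so they do not collide with it.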
Thank you for your explanation. I can already use the kv filter and now I want to visualize it. Can you help me visualize it? Because if I click the filter in Kibana, there's no visualize under it. Thank you.
I suggest you ask Kibana questions in the Kibana category.
Okay, I'm going to move it. Thank you ^^