Newbie- trying to get info from various lines of a log

mhooper · February 22, 2017, 4:49pm

What is best practice to get information that may be strewn over multiple lines of a log file.

Desired result: visualization of how many times 'person' bought a 'coffee' over a period of time.

I have to parse through a log which tracks events, but there is a separate log line for the person who event pertains to. The threadid for the whole transaction is the same to link them, but lines are separated.

example log lines.

timestamp threadid "Person logged in"
timestamp threadid "Coffee purchased"

the threadids are the same, but timestamps are different. looking for a way to link these events in a manner that can be used in a visualization.

thank you

lukas · February 22, 2017, 7:47pm

I would recommend you look into this excellent training by Mark Harwood about this subject: https://www.elastic.co/elasticon/2015/sf/building-entity-centric-indexes

It describes the best practices surrounding what you are trying to do. Hope that helps, and please feel free to ask for clarification on anything specific.

system · March 22, 2017, 7:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to search and display log events linked through a series of UUIDs Kibana	2	298	September 13, 2023
Combining information from different blocks of information of the same logfile Kibana	3	414	October 26, 2018
Logstash: Extracting Information from differenty log lines into one event Logstash	1	375	December 13, 2016
What is the best way to parse a log file which has sections that I need to remember when reading following lines? Logstash	1	404	July 6, 2017
Duplicate Events in Kibana Beats winlogbeat	1	445	July 29, 2019

Newbie- trying to get info from various lines of a log

Related topics