I have installed Elastic, Logstash and Kibana. I am able to pass a log file through Logstash to Elasticsearch and view it in Kibana. But my data is in JSON format; how can I parse the object into different parts in Kibana?
Please suggest.
Hi @rashmy,
What exactly does your index mapping look like? Do you only have a single field in your index which is a large JSON string?
It sounds like you might want to put codec => json somewhere in your Logstash configuration, but without details I can't get more specific.
Hi Thomas,
My message format is like this: message:[2016-12-09 14:05:44.306] [INFO] ovpportal - 25522 172.31.239.188, 147.151.218.105, 10.9.190.27 200 - gowtham.chandrasekaran@bt.com "GET /fonts/iconsbt-webfont.woff?v=1481119094464 " 4.409 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Tablet PC 2.0; MS-RTC LM 8)". From this, if I want to search for a particular value and display it in a graph, how do I do that? I could see only "message" as an option in the filter.
This kind of field extraction isn't done in Kibana. Use Logstash and a number of filters to parse the string. At the very least you'll need a grok filter and a date filter. The Logstash documentation contains examples of how to parse strings similar to what you have.
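A sketch of the grok and date filters suggested above, written against the line format posted in this thread (an added example, not part of the original replies). The field names (`log_time`, `pid`, `client_ips`, `auth`, `duration`, `referrer` and so on) are assumptions, since the thread does not say what each column means, and the sample line in the comment is constructed.

```logstash
# Constructed sample line (same layout as the one posted above):
# [2016-12-09 14:05:44.306] [INFO] ovpportal - 25522 192.0.2.10, 192.0.2.20, 10.0.0.5 200 - user@example.com "GET /fonts/icons.woff?v=1 " 4.409 - "Mozilla/4.0 (compatible; MSIE 7.0)"

input {
  stdin { }                      # paste a log line to try the filters
}

filter {
  grok {
    # Single-quoted so the literal double quotes in the pattern need no escaping.
    # Field names are assumed, not taken from the thread.
    match => {
      "message" => '\[%{TIMESTAMP_ISO8601:log_time}\] \[%{LOGLEVEL:level}\] %{WORD:app} - %{INT:pid} (?<client_ips>%{IP}(?:, %{IP})*) %{INT:status:int} %{NOTSPACE:auth} %{NOTSPACE:user} "%{WORD:method} %{NOTSPACE:request}\s*" %{NUMBER:duration:float} %{NOTSPACE:referrer} %{QS:agent}'
    }
  }

  # Only post-process events that grok actually parsed; unparsed events
  # keep the default _grokparsefailure tag and can be searched for later.
  if "_grokparsefailure" not in [tags] {
    date {
      # Use the time written in the log line as the event's @timestamp.
      match => [ "log_time", "yyyy-MM-dd HH:mm:ss.SSS" ]
    }
    mutate {
      # Turn the comma-separated address chain into an array,
      # so each address can be filtered on individually.
      split => { "client_ips" => ", " }
    }
  }
}

output {
  stdout { codec => rubydebug }  # print the parsed event with its fields
}
```

Once events are indexed with these fields, Kibana can filter and graph on `status`, `user`, `client_ips` or `duration` instead of only `message`; documents indexed before the change stay unparsed until they are reindexed.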
Okay. Thanks for your reply.