/Folder enumeration completed (6 s)/
This is a sample log. I need to get the number from this string Message. So I tried to split , replace and convert. That didn't work. I tried to create a scripted field first by splitting the token and then converting that field. Didn't work either. Can anyone tell me which is the best way to do this.
Hi,
Welcome to this forum! 
Do you really need to get the data from within Kibana or would it be possible to parse that while ingesting? While ingesting(either using Elasticsearch ingest pipeline or LogStash pipeline) you can use the following grok pattern: /%{DATA:action} \(%{NUMBER:duration} %{DATA:unit}\)/
This gives you the following result:
{
"duration": "6",
"unit": "s",
"action": "Folder enumeration completed"
}
Best regards
Wolfram
Thank you so much Wolfram. I was able to change it during ingestion.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.