Separating the log file fields using grok debugger

Hi there! I have logs being fed to an Elasticsearch index, and one of the fields I have is a "message" field which contains information about a particular event in live fashion. What I am trying to do is dissect this message into multiple fields to get some meaningful data out of it. However, I encounter one problem specifically when I am trying to do so: array separation. The last part of many log messages I have is an array of users: their username, id and ip address. What I want is to use the GROK debugger INSIDE Kibana, hence, find some pattern that will separate an array of similar fields into one JSON file which will contain, say, an array of users, ids and ips. Again, first I want to use the grok debugger to find the pattern in Kibana and only then I will use Logstash to dissect these fields.
My question is: can you, please, tell me which grok pattern is usually used to separate an array of similar fields and, moreover, organize them together somehow to be in one file after this separation? Thank you.
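The following is an added example, not part of the original post or of any reply to it. It shows the two-stage approach this kind of message usually needs: a grok-style pattern can capture the user list as a single string field, but grok has no repeating-group construct, so splitting that string into one entry per user is a separate step (in Logstash typically a `split`, `dissect`, `kv` or `ruby` filter). The sample line, its `users=[name:id:ip, ...]` tail format and the Logstash pattern in the comment are all assumptions, since the post does not show the real message format. Entries that do not match the per-user pattern are kept in an `unparsed` list rather than dropped, so malformed or unexpected input stays visible in the index.

```python
import re

# Constructed sample log line; the original post does not show its exact format, so the
# "users=[name:id:ip, ...]" tail is an assumption for illustration only.
SAMPLE_LINE = (
    "2024-03-01T09:15:42Z auth session-sync completed "
    "users=[alice:1001:10.0.0.5, bob:1002:10.0.0.9, carol:1003:192.168.1.20]"
)

# Stage 1: the part a single grok pattern can do. Assumed Logstash equivalent:
#   %{TIMESTAMP_ISO8601:ts} %{DATA:event} users=\[%{GREEDYDATA:users_raw}\]
# grok cannot emit a repeated group, so the whole list lands in one string field.
HEAD_RE = re.compile(r"^(?P<ts>\S+) (?P<event>.+?) users=\[(?P<users_raw>[^\]]*)\]$")

# Stage 2: split the captured list into structured entries. In Logstash this is the
# job of a split/dissect/kv or ruby filter, not grok; here a plain regex does it.
ENTRY_RE = re.compile(
    r"^(?P<username>[A-Za-z0-9_.-]+):(?P<id>\d+):(?P<ip>(?:\d{1,3}\.){3}\d{1,3})$"
)


def parse_line(line):
    """Return scalar fields plus a 'users' list of dicts, or None if the header
    does not match. Entries failing the per-user pattern are kept verbatim in
    'unparsed' so bad input is visible instead of silently discarded."""
    m = HEAD_RE.match(line)
    if m is None:
        return None
    users, unparsed = [], []
    for raw in m.group("users_raw").split(","):
        raw = raw.strip()
        if not raw:
            continue
        e = ENTRY_RE.match(raw)
        if e is None:
            unparsed.append(raw)
            continue
        d = e.groupdict()
        d["id"] = int(d["id"])
        users.append(d)
    return {
        "ts": m.group("ts"),
        "event": m.group("event"),
        "users": users,
        # Column-style arrays, the layout the post asks for (one array per attribute).
        "usernames": [u["username"] for u in users],
        "ids": [u["id"] for u in users],
        "ips": [u["ip"] for u in users],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(parse_line(SAMPLE_LINE), indent=2))
```

Both layouts are produced: `users` as an array of objects (one document per user, suitable for a `nested` mapping) and `usernames`/`ids`/`ips` as parallel arrays, which is simpler to map but loses the pairing between a username and its ip once more than one user is present.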
