Split field data

hsiuming · November 20, 2017, 7:27am

Hello

We now have a ELK system with logstash,elasticsearch and kibana.

The logstash configure is:

input {
beats {
port => 5044
}
}

filter {
grok {
match => [ "message", "%{COMMONAPACHELOG}" ]
}
}

output {
if [type]=="wineventlog" {
elasticsearch {
hosts => "localhost:9200"
index => "wineventlog-%{+YYYY-MM-dd}"
}
}
else
{

elasticsearch {
hosts => "localhost:9200"
}
}
}

The module of index is default.

Now we get the data with winlogbeat and we want to split the "event_data.Binary" row in the kibana table.

For example:

The origin content of event_data.Binary row is "000000000003".

And we want to split it to three row on kibana:

event_data.Binary1 0000

event_data.Binary2 0000

event_data.Binary3 0003

Could we use logstash or kibana to do it ?

magnusbaeck · November 20, 2017, 8:45am

You can do it with a ruby filter in Logstash.

system · December 18, 2017, 8:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting message log Logstash	4	1260	March 25, 2022
Kafka input kibana message one field Logstash	3	313	March 3, 2022
Split "event_data" to only show the original field Beats winlogbeat	3	1209	April 13, 2017
Splitting csv files send to elasticsearch via logstash http input Logstash	1	299	August 5, 2021
How to split array field in json and send it as separate event Logstash	3	334	October 3, 2019