Split text field into array

yosi · October 22, 2017, 10:41am

Hey guys, i'm new in ELK and i'm trying to figure how to split my field into an array .
json input looks like this :
{
{
"ID":"1",
"FilesByProcess":"C:\Windows\system32\taskhost.exe:100;C:\Windows\system32\cmd.exe:10",
"another_field":"xxx"
}
{
"ID":"2",
"FilesByProcess":"C:\Windows\system32\taskhost.exe:150;C:\Windows\system32\cmd.exe:600",
"another_field":"xxx"
}
{
"ID":"1",
"FilesByProcess":"C:\Windows\system32\cmd.exe:10;C:\Windows\system32\svchost.exe:20",
"another_field":"xxx"
}
}

FilesByProcess can have multiple values splited by -";"
i want to filter by ID and files by process , for example for id -1 i want to see the how many files modified by taskhost.exe(110)
I've looked for some answers and i try Split Process but i dont see any results on the kibana
"split": {
"field": "FilesByProcess",
"separator": ";"
}

also i tried mutate filter plugin filter {
mutate {
split => { "FilesByProcess" => ";" }
}
}

magnusbaeck · October 23, 2017, 6:14am

Show an example event. Copy/Paste from Kibana's JSON tab.

system · November 20, 2017, 6:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Flatten the json array into field in filter of logstash Logstash	2	1825	July 11, 2018
How to split field value into an array? Logstash	2	3745	September 14, 2020
Split nested json array from log Logstash	13	3994	May 18, 2020
How to split array field in json and send it as separate event Logstash	3	334	October 3, 2019
Split text field in array with multiple value Kibana	2	419	February 23, 2022

Split text field into array

Related topics