Top message visualization - how to filter

brayndasilva · May 13, 2016, 7:20am

Hi,

I'm working with Syslog data from routers and switches and am trying to make a visualization that shows me what type of message is coming in the most. Like a top 5 message kind of thing so we can quickly see what we deal with the most.

When I try to make a pie chart and split it up based on the syslog_message field I get results, but they don't make sense.

This is what I end up with https://i.gyazo.com/e35a865117295121a3b0d4aaf1fdfea2.png

The message fields include the following which I want to sort it on "APPTRACK_SESSION_VOL_UPDATE", "APPTRACK_SESSION_CLOSE", "CHASSISD_IPC_UNEXPECTED_RECV" and a few more.

The message field is just a bunch of text, but how do I filter it out?

brayndasilva · May 13, 2016, 8:01am

http://pastebin.com/eJY1xfDp

This is what it looks like. What I want to do is make a visualisation that shows me what message I get the most. Some are unique and others aren't so is there a way to filter it in a way so it looks at the first few characters since that's all we need to determine what message it is.

brayndasilva · May 13, 2016, 10:52am

I had to use the .raw version of the field

Topic		Replies	Views
Filter Logstash syslog Logstash	3	675	January 3, 2018
Need help on kibana for visualize from kv filter Kibana	7	861	September 13, 2017
How to search for specific field among different messages Kibana	2	322	September 18, 2018
Extract fields from syslog "message" part for visualization in Kibana Logstash	4	1973	April 19, 2018
How to dispaly the top 10 WARN/INFO/ERROR levels in Kibana visualization? Kibana	6	5369	August 15, 2017

Top message visualization - how to filter

Related topics