So I have Filebeat pumping from a few IIS Servers into Kibana (YAY!)
My question is this:
Once I have a filter that makes, say, 100,000 log lines filtered down into 1,000, is there a way I can output the "Message" variable (which is basically just the raw log line) to just a bigass list either in the Kibana interface or with a CSV?
Sometimes there are items that I really just want to see the raw data on because I can't figure things out without putting my eyes on the log lines. Do I have a way to do this?
So this is perfect. However, what I still am looking for is to output that result into an easily digestible form (either CSV, flatfile, or just in the UI) so I can look at it much like I would look at weblogs.
So a table of timestamp, message would be perfect.
Barring that, a table of [timestamp, client.user_agent, url.path, url.query] across the filtered logs would be preferable.
Sure, so the Discover will give you a nice table with selectable columns to show. If you need to download that table as CSV you can use the Share button on the top bar and generate the CSV out of the saved search.
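
For the same table outside the UI, the sketch below (an added example, not part of the thread and not Elastic's code) flattens an already-fetched Elasticsearch search response into CSV with the columns asked for above. It assumes `@timestamp` and `message` are the field names and uses a constructed sample response; because user agents and query strings are client-supplied, cells a spreadsheet would read as formulas are prefixed with a quote.

```python
import csv
import io

# Columns requested in the thread; "@timestamp" and "message" are assumed
# to be the field names Filebeat produced for the timestamp and raw log line.
COLUMNS = ["@timestamp", "client.user_agent", "url.path", "url.query", "message"]

def get_field(source, dotted):
    """Resolve 'url.path' against a flat dotted key or nested objects."""
    if dotted in source:
        return source[dotted]
    node = source
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return ""          # field absent on this document
        node = node[part]
    return node

def neutralize(value):
    """Stringify a cell and defuse values a spreadsheet would run as a formula."""
    text = "" if value is None else str(value)
    if text and text[0] in "=+-@\t\r":
        return "'" + text
    return text

def hits_to_csv(response, columns=COLUMNS):
    """Turn response['hits']['hits'] into CSV text, one row per log line."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(columns)
    for hit in response["hits"]["hits"]:
        src = hit.get("_source", {})
        writer.writerow([neutralize(get_field(src, c)) for c in columns])
    return out.getvalue()

# Constructed sample response (not real log data).
SAMPLE = {"hits": {"hits": [
    {"_source": {"@timestamp": "2024-01-01T00:00:00Z",
                 "message": "2024-01-01 00:00:00 GET /index.html q=1 200",
                 "client": {"user_agent": "Mozilla/5.0"},
                 "url": {"path": "/index.html", "query": "q=1"}}},
    {"_source": {"@timestamp": "2024-01-01T00:00:05Z",
                 "message": "2024-01-01 00:00:05 GET /missing - 404",
                 "client.user_agent": "=1+1",
                 "url": {"path": "/missing"}}},
]}}

if __name__ == "__main__":
    print(hits_to_csv(SAMPLE), end="")
```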