Kibana. Extract fields from @message containing a JSON
Question
I would like to extract in Kiabana fields from @message field which contains a json. ex:
Audit{
uuid='xxx-xx-d3sd-fds3-f43',
action='/v1.0/execute/super/method',
resultCode='SUCCESS',
browser='null',
ipAddress='192.168.2.44',
application='application1',
timeTaken='167'
}
Having "action" and "application" fields I hope to be able to find top 5 requests that hits the application.
I started with something similar to this:
filter {
if ([message]~ = "Audit") {
grok {
match => {
"message" => "%{WORD:uuid}, %{WORD:action}, %{WORD:resultCode}, %{WORD:browser}, %{WORD:ipAddress}, %{WORD:application}, %{NUMBER:timeTaken}"
}
add_field => ["action", "%{action}"]
add_field => ["application", "%{application}"]
}
}
}
But it seems to be too far from reality.
1 answers
solution1
1 2018-06-11 14:08:44
If the content of "Audit" is really in json format, you can use the filter plugin "json"
json{
source => "Audit"
}
It will do the parsing for you and creates everything. You don't need grok / add_field.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Kibana. Filtering records by matching values from another filtering
How do I extract only "message" field values from kibana?
Kibana. Data tables. Exclude terms depending on the length
LogStash extract fields from syslog message
Extract value from string in kibana
Split filebeat message field into multiple fields in kibana
How to search Json message in Kibana elasticSearch
Extract a value from @Message as float in logsearch and in Kibana calculate the sum from that extracted value
Parsing JSON data into separate fields in Kibana
How to extract month from datetime in Kibana and Elastisearch?
Related Tags