stackoom
  简体   繁体   中英

Extract a value from @Message as float in logsearch and in Kibana calculate the sum from that extracted value

 原文  2018-08-02 11:51:16       elasticsearch/ kibana/ logstash-grok

Question

I have a value in my @message part that I need to extract out and then provide the sum of that value for that day. I have written below in my filters-default.conf file

if "NETAMT" in [@message] {
 grok {
  match => { "@message" => "<NETAMT>(?<NETAMT>.*?)<\/NETAMT>" }
 }
 mutate {
  convert => [ "NETAMT", "float" ]
 }
}

The field starts appearing in the Kibana UI [![NETAMT Field][1]][1][1]: https://i.stack.imgur.com/r3uHH.jpg

Now when I am trying to sum it using STATS panel, it always gives 0. [![Panel Setting][1]][1][1]: https://i.stack.imgur.com/RWNQv.jpg

[![Stats Data][1]][1][1]: https://i.stack.imgur.com/QTthu.jpg

Can anyone help here, please?

1 answers

solution1
 0  2020-05-30 12:32:07

这在通过 kibana 刷新索引后得到解决,以便新字段变得可索引和可​​搜索。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Extract value from string in kibana Kibana metric to sum all num values from last date value How do I extract only "message" field values from kibana? Kibana. Extract fields from @message containing a JSON GET TOP HIT FROM A VALUE IF THIS IS 0 KIBANA How do I extract the "message" value from elasticsearch? (DSL) How to update value from a document in elasticsearch through Kibana How to display unique count with latest value from Elasticsearch in Kibana Is it possible to remove/disable a value from Kibana Visualization controls? Exclude results from Elasticsearch / Kibana based on aggregation value
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM