Question
I am having a log file that gives a Duration : 10 with timestamp in my logfile. When i a put a search field in kibana for duration, i am able to get a point coming in the graph whenever duration is coming in the log file. How can i get/set the value of a point at the graph.
currently
10:12:34 Duration :5 10:17:19 Duration :7
Whenever Duration is coming a point is coming in the graph.How to set the value at the particular timestamp to 7/10 or whtever is corresponding value for duration.
my logstash conf file is as follows
https://stackoverflow.com/questions/22478736
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianinput {
file {
path => "C:/log.txt"
}
}
filter {
extractnumbers {
add_field => [ "Duration", "%{message}" ]
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
embedded => true
}
}
Solution 2
This was able to fetch the data of type duration.I added the following filter in logstash.conf file. We can replace Duration with any field we want to extract.
filter {
extractnumbers {
add_field => [ "Duration", "%{message}" ]
}
}
In the kibana dash board we can extract corresponding values.
OTHER TIPS
You want to do something like this:
grok {
match => ["message", %{TIME:time}.*%{NUMBER:duration}]
}
date { match => [ "time", "HH:mm:ss" ] }
