Elastic Search - Extract data from message to use as grouping

jbartlett · December 27, 2018, 12:06pm

Hi,

My application outputs a log every time a user logs into the system in the pattern [username] LOGIN_SUCCESSFUL, e.g.

john.doe LOGIN_SUCCESSFUL
jane.doe LOGIN_SUCCESSFUL

I am capturing these logs (and all the others) in ElasticSearch and then I’m trying to use Grafana to build a dashboard that shows the number of successful logins per user per day.

I’ve managed to create a dashboard (table panel) which shows overall successful logins per day (e.g. query on LOGIN_SUCCESSFUL) however I cannot see any way of extracting the user section of the log and then using that within the dashboard grouping.

Does anyone know if there is a way to do this?

davewaters · January 16, 2019, 6:23pm

That should be fairly easy. Here is an example. Instead of username, I am grouping by ‘Source_Hostname’. The result for my table will be a Column of ‘Source_Hostname’, and another Column of ‘Count’. Note that the Query field is specific to my dashboard, you can set that appropriately to your needs.

Topic		Replies	Views
Grafana v7.3.7 (1e261642f4) with ElasticSearch 6.0+ as datasource grouping Elasticsearch	1	483	November 30, 2021
Elastic Search log message extraction and display in table panel in Grafana Configuration	0	253	July 2, 2020
Extract values from log message Elasticsearch	6	2559	June 23, 2023
Extract a time duration string in container logs from Elasticsearch Elasticsearch	0	79	July 7, 2023
Regex Query in Grafana HELP! Elasticsearch elasticsearch	2	949	May 27, 2022

Elastic Search - Extract data from message to use as grouping

Related topics