Spliting the lines in multple fields

hi all,

Currently i’m trying to load the log data into Kibana, as part of the loading I have one message tag which has got date timestamp / loglevel / tat

sample
message:xyzzz#002(99268) 2018/02/08 00:03:37 -INFOS- {1:2} 091ms / 10.948 TPS

can anyone let me know how to extract the date and timestamp in field and TPS in another filed in ELK.

You need to do that during log ingestion , for example in log stash or whatever system you use to insert logs into elasticsearch

Hi Torkel,

thanks for your swift response, I’m using logstash. As part of log injection i’m trying to split using grok filter, unfortunately it’s not working

grok {match => { “message” => “%{DATA:router} %{yyyy/MM/dd HH:mm:ss:timestamp} %{GREEDYDATA:log}” } }