Nagios Support Forum

Hi,

I have application logs injected to elasticsearch and the logs are in json format. I want to filter Username under the elasticsearch fields list. which means, I want to get the "Username" field in the filed list when a queried result displays.

Left fields column (All Events) also should have the Username filed listed.

Sample user id --> ,"USER":"applogAdmin",

Those logs having the following characteristics and I hope it will help to filter "USER" correctly.

Program ---> AppNinja
tags ---> SEC
type ---> import_json

Can you please help me to filter the USER and add it to the filed list?

Thank you
Luke

Are these Windows' application logs or logs from an application running on the server? The JSON codec should be able to pull and create fields automatically based on the JSON. Test with the following input:

Hi

I already managed to input those logs to NLS. But I don't see fields are displaying in under the fields list(left side column). Can we write a filter to display a particular field as I want to use it for further filtering?

Hope you can help me with this.

Thank you
Luke.

As long as the timeframe is correct then all available fields should be displayed. Are you sure the events are getting parsed and put in this field? You can try querying for event with this field:

Hi

I am uploading archived logs to nls, every 1 hour.

@timestamp - 2019-04-09T23:01:20.569Z Message time stamp (content body) - 2019-04-10 06:04:01 171 nothing has been displayed for fieldname:* Input filter;

tcp {
type => 'APPLOG'
tags => 'COOL'
port => 2057
codec => json{charset => 'CP1252'}
}

Thank you
Luke.

I should have clarified - "fieldname" should be the field that you're trying to have show up in the list.

The screenshots only show the messages field - we'll want to see the full event details(showing all fields).