elasticsearch - Logstash grok pattern field not appearing in Kibana
I have been investigating ELK as a potential logging/monitoring solution. I have the stack set up and working, and am starting to filter logs via grok.
Is it possible to have a specific part of a grok pattern appear as a field in Kibana?
For example, take the following pattern:
SAMSLOG %{HOUR}:%{MINUTE}:%{SECOND} \[%{USERNAME:user}\] - %{JAVALOGMESSAGE}
I was hoping (and have read) that "user" should become an available field in Kibana that I am able to search/filter results on? Have I misunderstood, or am I missing a vital link in the chain?
Full grok pattern:
multiline { patterns_dir => "/home/samuel/logstash/grok.patterns" pattern => "(^%{SAMSLOG})" negate => true what => "previous" }
Thank you, Sam
Yes, the whole "magic" of logstash is to take unstructured data and make structured fields out of it. So, your basic premise is correct.
What you're missing is that the multiline{} filter is used to combine several input lines into one event; that's all it does. The "pattern" field there is used to identify when a new event should be started.
To make fields out of the event, you need to use the grok{} filter.
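As an added example (not code from the question or the answer), here are the two filters wired together so that the capture named in the asker's pattern reaches Kibana as a field. The pattern file path is taken from the question; the field name `msg` is an assumption, and the multiline filter is used as in the question although newer Logstash releases prefer the multiline codec on the input.

```logstash
# /home/samuel/logstash/grok.patterns (one custom pattern per line;
# HOUR, MINUTE, SECOND, USERNAME and JAVALOGMESSAGE are built-in patterns):
#   SAMSLOG %{HOUR}:%{MINUTE}:%{SECOND} \[%{USERNAME:user}\] - %{JAVALOGMESSAGE:msg}

filter {
  # Step 1: multiline only glues continuation lines (e.g. a Java stack
  # trace) onto the preceding event. It creates no fields at all.
  multiline {
    patterns_dir => ["/home/samuel/logstash/grok.patterns"]
    pattern      => "^%{SAMSLOG}"   # a line that starts a new event
    negate       => true            # lines NOT matching the pattern...
    what         => "previous"      # ...are appended to the previous event
  }

  # Step 2: grok parses the now-complete message and turns the named
  # captures into fields: "user" and "msg" on every parsed event.
  grok {
    patterns_dir => ["/home/samuel/logstash/grok.patterns"]
    match        => { "message" => "^%{SAMSLOG}" }
    # Events that fail to parse are tagged "_grokparsefailure" by default;
    # searching for that tag in Kibana is the first check when "user" is missing.
  }
}
```

After the first parsed event has been indexed, refresh the field list of the index pattern in Kibana so that "user" shows up as a searchable field.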