Hi
I have Kibana that visualizes my data, and I want to add a column that exists in my log, but I don't know how to add that field as a column.
Thanks for your attention.
Hi @yashar.ansari76 Welcome to the community.
You are going to need to provide a lot more detail if you want help.
Let's start with basics...
What version are you on?
Can you show a sample JSON of the Document that is in Elastic?
And show us what Fields you would like to see in Discover?
Depending on your answers, there could be different approaches.
Thanks @stephenb for your reply.
My Elastic version is 7.17.11 and a sample JSON is:
{
  "_index": "journalbeat-7.9.3-2024.02.18",
  "_type": "_doc",
  "_id": "GPvcvI0BPx6x19YSr8ml",
  "_version": 1,
  "_score": 1,
  "_ignored": [
    "journald.custom.syslog_raw.keyword"
  ],
  "_source": {
    "systemd": {
      "unit": "haproxy.service"
    },
    "@timestamp": "2024-02-18T15:36:33.846Z",
    "syslog": {
      "pid": 2998784,
      "identifier": "haproxy"
    },
    "process": {
      "pid": 2998784,
      "name": "haproxy"
    },
    "ecs": {},
    "event": {
      "created": "2024-02-18T15:36:34.899Z"
    },
    "journald": {
      "custom": {
        "syslog_raw": "<134>Feb 18 19:06:33 haproxy[2998784]: 172.17.1.1:56088 [18/Feb/2024:19:06:33.755] nova_api_os_compute-front-2 nova_api_os_compute-back/infra04_nova_api_container-42de7c54 0/0/0/90/90 200 335 - - ---- 1/1/0/0/0 0/0 \"GET /v2.1/servers/detail?all_tenants=1&limit=100&status=ERROR HTTP/1.1\"\n",
        "syslog_timestamp": "Feb 18 19:06:33 "
      }
    },
    "agent": {
      "hostname": "infra01",
      "name": "infra01",
      "type": "journalbeat"
    },
    "@version": "1",
    "host": {
      "os": {
        "version": "22.04.2 LTS (Jammy Jellyfish)"
      }
    },
    "tags": [
      "beats_input_codec_plain_applied"
    ],
    "message": "172.17.1.1:56088 [18/Feb/2024:19:06:33.755] nova_api_os_compute-front-2 nova_api_os_compute-back/infra04_nova_api_container-42de7c54 0/0/0/90/90 200 335 - - ---- 1/1/0/0/0 0/0 \"GET /v2.1/servers/detail?all_tenants=1&limit=100&status=ERROR HTTP/1.1\"",
    "log": {
      "syslog": {
        "facility": {}
      }
    }
  },
  "fields": {
    "@version.keyword": [
      "1"
    ],
    "message": [
      "172.17.1.1:56088 [18/Feb/2024:19:06:33.755] nova_api_os_compute-front-2 nova_api_os_compute-back/infra04_nova_api_container-42de7c54 0/0/0/90/90 200 335 - - ---- 1/1/0/0/0 0/0 \"GET /v2.1/servers/detail?all_tenants=1&limit=100&status=ERROR HTTP/1.1\""
    ],
    "agent.hostname": [
      "infra01"
    ],
    "syslog.identifier": [
      "haproxy"
    ],
    "process.pid": [
      2998784
    ],
    "agent.hostname.keyword": [
      "infra01"
    ],
    "tags": [
      "beats_input_codec_plain_applied"
    ],
    "process.name": [
      "haproxy"
    ],
    "agent.type": [
      "journalbeat"
    ],
    "@timestamp": [
      "2024-02-18T15:36:33.846Z"
    ],
    "journald.custom.syslog_timestamp": [
      "Feb 18 19:06:33 "
    ],
    "journald.custom.syslog_raw": [
      "<134>Feb 18 19:06:33 haproxy[2998784]: 172.17.1.1:56088 [18/Feb/2024:19:06:33.755] nova_api_os_compute-front-2 nova_api_os_compute-back/infra04_nova_api_container-42de7c54 0/0/0/90/90 200 335 - - ---- 1/1/0/0/0 0/0 \"GET /v2.1/servers/detail?all_tenants=1&limit=100&status=ERROR HTTP/1.1\"\n"
    ],
    "journald.custom.syslog_timestamp.keyword": [
      "Feb 18 19:06:33 "
    ],
    "host.os.version": [
      "22.04.2 LTS (Jammy Jellyfish)"
    ],
    "event.created": [
      "2024-02-18T15:36:34.899Z"
    ],
    "@version": [
      "1"
    ],
    "systemd.unit": [
      "haproxy.service"
    ],
    "agent.name": [
      "infra01"
    ],
    "systemd.unit.keyword": [
      "haproxy.service"
    ],
    "syslog.pid": [
      2998784
    ],
    "syslog.identifier.keyword": [
      "haproxy"
    ]
  },
  "ignored_field_values": {
    "journald.custom.syslog_raw.keyword": [
      "<134>Feb 18 19:06:33 haproxy[2998784]: 172.17.1.1:56088 [18/Feb/2024:19:06:33.755] nova_api_os_compute-front-2 nova_api_os_compute-back/infra04_nova_api_container-42de7c54 0/0/0/90/90 200 335 - - ---- 1/1/0/0/0 0/0 \"GET /v2.1/servers/detail?all_tenants=1&limit=100&status=ERROR HTTP/1.1\"\n"
    ]
  }
}
I want to show the message part in a Kibana table.
A table or a saved search? Can you show what you are trying to create?
A table is usually aggregations, and typically you don't aggregate on message
fields because they tend to be unique. Can you show / describe what you are trying to accomplish?
I want to show log error messages in a table with my saved query.
For example:
When there is an error in a specific service, I come to the Discover tab, and I have some saved queries that show where/why the error happened.
Now I want to show that where/why message in a table.
Just add the message field to the Discover table... Find the field message in the left-hand list of fields and just hit the little plus sign to add it to the table to the right.
You can add whichever fields you like, such as timestamp, message, log level, etc.
Then you can save it so you can always come back to it, or you can even add that to a dashboard.
I added the message field.
How can I show it in a table on a Kibana dashboard?
Save The Saved Search
Dashboard - Create New Dashboard + add from library
Perhaps review the docs
Get in there and start exploring
Thanks a lot @stephenb
Wishing you all the best.