I want to take each object like this into Kibana as a single event. field1 contains unique value which can identify an event. After searching by field1, or in other words, after finding specific event, I want to make a visualization(bar chart) in Kibana on field2 values. time on X-axis and field2b on Y-axis. Is it possible to create visualization based on values inside an array?
If I apply "split filter" on field2 in Logstash, I can create multiple events, and that could help in creating the above mentioned visualization easier. But, I do not want to create 1 event per 1 array element of field2. I want 1 event to contain entire field2 array. So, is it possible without split filter in Logstash?
Kibana does not support this type of nested events, so I believe you will need to split it up in Logstash in order to visualise it the way you describe.
Thanks for the quick response. I have a use case where I have to generate one event per object above. If I create multiple events by using "split filter" in Logstash, then per each object above, multiple events will be created. That I am trying to stop.
If I use "split filter", then say multiple events are created. In that case, is it possible to show Discover tab results in this fashion below?
In other words, for each object in my question, I need to display field1(which is unique) only once- something like a header. That should be followed by all the events generated because of split filter on field2. Is this structure possible in Kibana?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.