Blank Timelion

ebosdev · October 13, 2021, 6:56am

Hello everyone,

I am using Kibana 7.9.3 and I am currently facing an issue where the timelion is blank

this is the query i am using
.es(index=investigation_master_index,timefield=uco-observable:sentTime.@value, split=messageText.keyword:1000)

The sentTime and messageText are full of data and if i dont use the split with messageText the timelion is displayed correctly, but i want to correllate sentTime with messages in order for the visualization to make sense.

Below are the mappings of the messageText field
"uco-observable:messageText" : {
"type" : "keyword"
},

Have in mind i have also used
.es(index=investigation_master_index,timefield=uco-observable:sentTime.@value, split="uco-observable:messageText.keyword:1000")

and it returns an error
size doesn't support values of type: VALUE_NULL

Any ideas?

Thank you

bhavyarm · October 25, 2021, 9:09pm

Hello,

I have asked for help on your question here Values of type: VALUE_NULL

Thanks
Bhavya

system · November 22, 2021, 9:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Values of type: VALUE_NULL Kibana	4	395	November 24, 2021
Timelion always brings back blank Kibana timelion	3	1672	June 28, 2017
Timelion not showing any data Kibana timelion	5	7670	August 14, 2017
Timelion page is blank Kibana	4	2018	December 6, 2016
All my TimeLions Stoped working after upgrading to 6.1.3 Kibana timelion	3	501	April 24, 2018

Blank Timelion

Related topics