I have two log files (to be simple)
one with ID NAME
another with ID STATUS
When I pull them into Elasticsearch, it gets parsed in different timestamps
So, I cannot use all those 3 fields inside a single visualization
Is there any way of achieving that??
Thanks in advance
Did you try increasing the timeframe?
The time difference is in milliseconds. I will give a screenshot!
inst_id inst_name status
For the same inst_id I require the other two fields to be displayed in the same visualization
I tried "dataTables" but one value gets nullified
In case the screenshot doesn't load:
@timestamp inst_id inst_name status
> September 8th 2017, 12:06:55.526 100 - ONLINE
> September 8th 2017, 12:06:55.558 100 ICICI -
> September 8th 2017, 12:06:55.559 101 IDBI -
> September 8th 2017, 12:06:55.527 101 - ONLINE
I don't know how to preserve spaces in this comment
Use the code formatting button - </>
Thanks for the help, this is the parsed info in Elasticsearch from two logs containing inst_id inst_name in one file and inst_id status in one file
```
Time                              inst_id  inst_name  status
September 8th 2017, 12:06:55.571  107      CANARA     -
September 8th 2017, 12:06:55.584  107      -          OFFLINE
September 8th 2017, 12:06:55.570  106      IOB        -
September 8th 2017, 12:06:55.581  106      -          ONLINE
September 8th 2017, 12:06:55.579  105      -          ONLINE
September 8th 2017, 12:06:55.568  105      KVB        -
September 8th 2017, 12:06:55.566  104      AXIS       -
September 8th 2017, 12:06:55.576  104      -          ONLINE
```
I need to get inst_name and status into the same visualization with inst_id, but any one field gets nullified due to timestamp
EDIT: Found a workaround...
Using: Elasticsearch filter plugin
We can query the stored info in Elasticsearch and add it as a new field to the current data
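
A sketch of the workaround described above, as an added example that is not part of the original posts: a Logstash filter section that looks up the stored name document by inst_id and copies inst_name onto each status event. The host `localhost:9200`, the index name `inst-names` and the tag name are assumptions; the field names are the ones shown in the thread.

```logstash
# Added example, not from the thread.
# Assumptions: Elasticsearch is reachable at localhost:9200 and the events
# from the name log are stored in a hypothetical index "inst-names".
filter {
  # Enrich only events from the status log: they carry status but no inst_name.
  if [status] and ![inst_name] {
    elasticsearch {
      hosts  => ["localhost:9200"]
      index  => "inst-names"
      # Find the stored document with the same inst_id that has a name.
      query  => "inst_id:%{[inst_id]} AND _exists_:inst_name"
      # Copy inst_name from the stored document onto the current event.
      fields => { "inst_name" => "inst_name" }
    }

    # The lookup only sees documents that are already indexed and searchable.
    # Mark events that stayed without a name so they can be found later.
    if ![inst_name] {
      mutate {
        add_tag => ["inst_name_missing"]
      }
    }
  }
}
```

In the sample rows above the name and status events for one inst_id arrive within milliseconds of each other, and sometimes the status comes first, so the name log should be indexed before the status log is processed. Events tagged `inst_name_missing` are the ones where the lookup found nothing.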