Creating a dashboard that will show all messages/entries in Elastic that meet a certain requirement

Hi, I'm very new to Kibana and Elasticsearch and have been fiddling with this for a few hours trying to get it to work.

My use case is probably very simple but I can't seem to make it show both filters at once. What I want to do is basically this:

  1. Create a dashboard where I am searching for existence of a field/being assigned a value. For all entries in Elastic that do not have this field assigned a value, I'd like to display the full entry in a simple log/line format.

  2. I would like to create a visualization (Pie chart maybe?) where I show the total count and percentage of the field being utilized across all messages.

For example 100 messages total, and 95 are assigned the field, whereas 5 were not.

How can I do this? Whenever I tried making the visualization, if I made a filter with the "exists" value and tried adding a new one with the "does not exist" value, it simply changed the first filter instead of making a new one.

Would appreciate all help.

Thanks,
Julie

Hi and welcome to our community!

Let's start with displaying the entries that do not have this field assigned.

First you go to Discover and create a saved search.

Second you add this saved search to your dashboard.

Is this the result you expect to resolve part 1 of your request?

Best,
Matthias
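For part 2 of the question, an added example (not from either poster): a search body using a `filters` aggregation with one `exists` bucket and one `must_not`/`exists` bucket, plus a helper that turns the bucket counts into percentages. The field name `my_field`, the bucket names and the sample response are assumptions constructed for illustration; in Discover the part 1 saved search can use the KQL query `not my_field:*`.

```python
import json

FIELD = "my_field"  # hypothetical field name; the post does not name the field


def missing_field_query(field):
    """Match documents that have no indexed value for the field (absent, null or [])."""
    return {"bool": {"must_not": [{"exists": {"field": field}}]}}


def usage_request(field):
    """Search body with one named bucket per case; size 0 returns counts only."""
    return {
        "size": 0,
        "track_total_hits": True,
        "aggs": {
            "field_usage": {
                "filters": {
                    "filters": {
                        "assigned": {"exists": {"field": field}},
                        "not_assigned": missing_field_query(field),
                    }
                }
            }
        },
    }


def summarize(response):
    """Turn the filters-aggregation buckets into a count and percentage per bucket."""
    buckets = response["aggregations"]["field_usage"]["buckets"]
    total = sum(b["doc_count"] for b in buckets.values())
    return {
        name: {
            "count": b["doc_count"],
            "percent": round(100.0 * b["doc_count"] / total, 1) if total else 0.0,
        }
        for name, b in buckets.items()
    }


# Constructed response using the numbers from the question (100 messages, 95 assigned).
SAMPLE_RESPONSE = {
    "aggregations": {"field_usage": {"buckets": {
        "assigned": {"doc_count": 95},
        "not_assigned": {"doc_count": 5},
    }}}
}

if __name__ == "__main__":
    print(json.dumps(usage_request(FIELD), indent=2))
    print(summarize(SAMPLE_RESPONSE))
```

An empty string still counts as an existing value for the `exists` query, so entries where the field is set to `""` land in the `assigned` bucket.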
