I am collecting SNMP data from my switch. A sample of the data that I am getting looks like this:
Here is the pastebin.
Every interface is generating its own document. I want to display for each interface its description, its operational status and its physical address.
I have tried creating a table by having the first row as interface.id and the metric, aka second row, as the _descr.keyword, like this:
But nothing is showing up for the majority of the interfaces, even if the value very clearly is there.
(an example)
I am sure I am doing something wrong, as ELK is made to monitor / visualize these kinds of things. Any kind of help or direction to relevant documentation would be deeply appreciated.
Hello @cow_on_lsd
first screenshot =>
interface.id = 307
interface._descr = 5/1/51
second screenshot =>
interface.id = 0
interface._descr = 1/1/1
third screenshot =>
interface.id = 2
interface._descr = 1/1/2
From **second screenshot**
interface.id = 1,000,000/2,000,000/3,000,000... is having descr blank
So for the records where you do not see the descr, could you please check/share the latest document similar to third screenshot.
This must be an issue with your data if it is visible for a few records & missing for others.
Thanks!!
Sadly I am not missing any values.
I took a random interface (29). This screenshot is the last document of this interface, _descr is clearly defined.
But it is not showing up anywhere. Same thing is happening for every other interface id.
What I am noticing is that Kibana is not treating 29 as 29 but as 29'000'000 for some reason.
Thank you for your help.
Hello @cow_on_lsd
I believe it must be something with your data. Could you please share the mappings?
Thanks!!
As my data might change slightly, I have not set up a "permanent" mapping yet but am still relying on dynamic mapping (afaik). My mapping in json and here as screenshot
Thank you again for taking your time with this.
Hello @cow_on_lsd
Tried with the mappings provided by you & did not see any issues.
Maybe you can try to filter the values < 50 to see if there are really 2 ids, 29 & 29,000,000.
It has to be the data stored in the index. Maybe review it once via Discover, which can help explain why the descr is not populated?
Thanks!!