Exporting and visualizing with surrounding documents

Jose_E · October 17, 2022, 9:05am

Hello, I've encountered a rather simple scenario that I don't know how to solve with Kibana. Our current deployment receives logs from all machines in the network, and our goal is to switch to Kibana as a way of debugging all kinds of issues from one place, instead of having to jump from one machine to another following an error.

The problem we've found is that we don't know how to export the 'surrounding documents' and whether it's possible to create a visualization using those documents. What I've tried before is to use the surrounding documents to find out the span in which the event happened, and then make a simpler search (perhaps only the hostname involved) within that timeframe and then export them or create a visualization with them. But still, it feels like taking extra steps, is there a way to do any of that directly from the surrounding documents view?

Thanks in advance.

Stratoula_Kalafateli · October 17, 2022, 9:21am

No unfortunately there is not an easier way right now but sounds to me as a nice enhancement. Can you create a feature request in our repo? Sign in to GitHub · GitHub

I see 2 things that could be added:

Export in CSV the surrounded documents
Visualize them

Jose_E · October 17, 2022, 10:28am

Thank you very much, I followed your advice and created Issue 143433. I think this can be a great improvement for Kibana that will facilitate log analysis and correlation of events.

system · November 14, 2022, 10:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.