Field issue

I see a lot of fields in the discovery tab.

But when I try to create a visualization, those fields do not show.

Also, in the discovery tab I am getting the option to visualize a few fields. But for most of the fields I do not get the option to visualize.

Can you please help me understand how I can use all fields for visualization?

Thanks in advance.

What types are those fields you see in discovery but not in visualization?

Visualizations and specific aggregations may require specific types of fields to work. For example, a date histogram aggregation only makes sense on a datetime field.

Below are the values I see in the Discover tab for the "Action" field. I want to create a pie chart of the same.

Top 5 values in 466 / 500 records

permitted: 49.1%
Built: 28.3%
Teardown: 19.7%
discarded: 2.6%
Deny

Another is the "Dst_Port" field

dst_port

Top 5 values in 423 / 500 records

53: 63.4%
1984: 10.4%
88: 4.7%
443: 4.0%
445

When I try to create a visualization, these fields do not show up.

When viewing your Index Pattern, are those fields marked as aggregatable? That's a prerequisite for using those fields in visualizations.

No they are not. They don't even show up in index pattern.

They only show in Discover tab.

Seems something must be wrong with the index pattern. Could you try to delete it and re-create it?