Discuss the Elastic Stack

Field missing when select Top Hit on Y-axis for bar chart

Elastic Stack Kibana

siwapong.cha (ศิวพงศ์ จันสกุลวิบูลย์) September 1, 2022, 12:08pm 1

Hi all,

I'm trying to use Top Hit on my bar chart but many fields are missing from the field selection.

Below are my custom field which came from filebeat (ansible.xxxxxx)

Here when I selected Top Hit, all my ansible field missing.

flash1293 (Joe Reuter) September 1, 2022, 1:18pm 2

How is ansible and child properties defined in the mappings?

siwapong.cha (ศิวพงศ์ จันสกุลวิบูลย์) September 1, 2022, 2:14pm 3

ansible.xxxx fields came from the field "message" and I used filebeat processor dissect to separate "message" into each ansible field

For example below

processors:
  - dissect:
      tokenizer: "%{ansible.xxx},%{ansible.xxx}"
      field: "message"
      target_prefix: ""

Not sure this answer on what you asked.

flash1293 (Joe Reuter) September 8, 2022, 2:22pm 4

No, I meant the mapping definition of your index in Elasticsearch: Get mapping API | Elasticsearch Guide [8.4] | Elastic

Topic		Replies	Views	Activity
No mapping found for {field} in order to sort on for top hit metrics Kibana	2	362	January 17, 2019
Display kibana charts based on db fields or document fields Kibana	2	594	July 6, 2017
Creating a bar chart using fields Kibana	3	618	June 9, 2017
Top hit field calrification Kibana	2	218	June 1, 2020
Kibana 4 / Visualization Fields Subset Kibana	3	774	July 6, 2017

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.