Where should I look to troubleshoot why this, and other fields, are not appearing in my aggregation options under visualizations? This appears to be specific to Sum Aggregations, even though I have this working for a similar dashboard on a different index.
edit > Also, it appears to be aggregatable under "Buckets > Terms".
edit > Continuing to dig, I found that this field defaults to a String instead of a Number for some reason. Looking into how to change defaults. Also, I do not see Number as an option for me to rename this field. In the other dashboard, the field name is packet0.length and this is a Number that is aggregatable.
The index pattern is based on what your elasticsearch mapping contains- if your mapping of these fields is as string fields, Kibana will treat them as strings. If you've reindexed your data or changed your mappings in elasticsearch, you can refresh your kibana index pattern and it will pick up those changes.
Indeed, it was because dissect maps to string by default. I'm curious about what you mention regarding re-indexing though, and how I can go about doing that? The process I had to follow was to use mutate, convert to insert new data as an integer, then delete my index, delete my filebeat index, and restart filebeat. I'd like a way to keep my data and re-map it, if possible, for the next time I have to perform this task.
I guess I did not have this assumption since the first filter we build was set up in Ruby, and that one seems to be automatically mapping the integers appropriately. Probably a pretty rare problem to have.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
