I am quite new to Kibana, hoping someone can help me get past an issue I'm having.
I have memory profiling from multiple VMs getting put into elasticsearch using a custom beat.
When in the Discover, I see all the JSON returns.
eg.
beat.hostname = Node(1...5) -- I have 5 of these nodes, each with their response
...
response.body:{"value":{"used":18213048}} (among other fields)
I'd like to visualize this in a line chart; time on the X-axis, and used memory on the Y-axis, but I'd like to have multiple lines (one for each Node/hostname).
I put time on the X-axis, and, while the Y-axis allows me to select the Average aggregation of response.jsonBody.value.used (which is what I want), it seems to be taking all the values regardless of hostname. Is there a way to filter these so that I can have one line in the graph for each hostname? Something like:
Field1
response.jsonBody.value.used AND beat.hostname=Node1
Field2
response.jsonBody.value.used AND beat.hostname=Node2
In the visualize panel, in the Data tab, you will see somewhere under the "X-Axis" configuration a button called "split lines". That will allow you to create multiple lines, one for each host.
Choose a "Terms" aggregation, and select the field that contains the hostname.
If you apply these changes, your line chart will split up and show multiple lines, one for each host.
Thanks for the response. It works, but unfortunately the field that I'm trying to split is "analyzed", and I've tried everything to change it, with no luck.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.