How does kibana process the field including special character?

tuankun · April 7, 2016, 6:11am

Hi All,
My ELK is logstash 2.1.3, elasticsearch 2.2.1,kibana 4.4.2.
I transfer redhat linux rsyslog to ELK, some of the linux hostname include special character,like "wks-ems01" , the "host" field storing hostname is the "string" type with "analyzed,indexed,the default standard Analyzer" .
it display the correct name in elasticsearch:

but when I create pie chart in kibana, kibana will divide the hostname to two values:"wks" and "ems01" ( marked in red rectangle in the following snapshot).

How can it display the correct full hostname? thanks.

warkolm · April 7, 2016, 6:20am

Notice how it has the warning with "Analysed field"? That's why.
Try host.raw.

tuankun · April 7, 2016, 6:52am

@warkolm there is no host.raw field in my kibana, is that any wrong configuration?