I have two log files. In one log file there are 3 fields after it is split over and it gets showed up in Kibana.
LogA
And this is another file with 10 fields:
LogB
So, what I want is, if I search in Kibana wit mobile=123, then I should show all the fields from both the log files or lets say I am interested only in some fields from both the log files. Is this possible to achieve in Kibana ?
Hi @marco2005
Yes it's possible, you can create an index-pattern in Kibana that cover both indices LogA and LogB for example: Log*
Then on Discover you can select that index-patten and query using your mobile field. It will show logs that match both indices. You can also select the column you want to visualize on the Available fields column on the right side.
Please checkout this link for an overview of the steps: https://www.elastic.co/guide/en/kibana/current/discover.html
Unfortunately that doesn't work.
In Index patterns , I see 4 fields now:
mobile string
mobile.keyword string
mobile string
mobile.keyword string
So, the 1st two from LOGA and the 2nd from LOGB.
So, What I want to achieve:
If I go to Datatable visualization and in the Buckets >> Split rows , I should be able to select Terms >> mobile and then similarly token and eid in the same visualization.
At the moment, when I select Terms aggregation . Under the field, I see 4 fields like I mentioned above. If I select the first and then select eid and token, nothing comes up.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.