I'm trying to create a visualization in Kibana (v4.6.1) so as to list log files by part of their names.
For example, I can view this files in Kibana :
/path1/path2/path3/myapp1.log.2017-02-07 => 1000 lines
/path1/path2/path3/myapp1.log.2017-02-06 => 500 lines
/path1/path4/path5/myapp2.log => 2000 lines
/path1/path4/path5/myapp2.log.2017-02-07 => 300 lines
Is it possible to have a data table with one tag "myapp1.log" to see all "myapp1" logs, etc :
myapp1.log 1500
myapp2.log 2300
you would need to index your data in a way that myapp1.log would be a separate field, then you could do that.
with filenames being in its current form you could try to use a scripted field to extract just the filename
go to management->index->scripted fields->add
try to add a scripted field .... depends how much assumptions can you make about your data.
i am making an assumption that your path includes a / and has a filename 10 chars long
dont forget to set field type to string (in this case)
But I don't think I can do this, I'm using Kibana in a big company, with so much logs to index that administrators prefers only keep standard fields and avoid to create specific ones...
And I don't see "management" in my kibana view, so I think I don't have (admin ?) rights to do this.
Is there a solution, only with visualization and playing with data / buckets ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
