In Kibana 4 I had simple bar charts that showed the time on the X-Axis, and on the Y-Axis I had a Split Bar, Sub Aggregation Terms, Field Hostname.raw, and then it showed me the Top 5 according to my saved search.
In Kibana 5 this doesn't work anymore. The setup is now:
Sub Aggregation: Terms
Field: Hostname: raw
Order by: metric Count
Order: Descending: 5
But it doesn't split the bar up into the hostnames but shows only bars with a count which seems to be aggregated over the top 5 hostnames I guess. When I enable aggregation I get no results, with disabled aggregation I get the bars with the count.
The only way I see to get the bars back like in Kibana 4 is to now use filters and add a filter by hand for each and every host. But this also means that I have to change my visualizations each time I add a host to my environment, which is cumbersome.
Would you mind sharing a screenshot of the Kibana 4 visualization (including the buckets you have set up) and a screenshot of how it looks in Kibana 5? This will help me understand what you're looking for vs what you're getting in 5.
The count is the number of error messages coming in, each color is a different server. In Kibana 5 I have to realize that via a filters-sub-bucket.
In Kibana 4, I could use a Term-sub-bucket, with Field hostname.raw and let it show the Top 5.
Maybe there is something about your mapping that is making Kibana think that it can't use your hostname.raw field. Can you share the details of that field?