Kibana 6.4 chracter limit?

Ufkun_Karaman · September 13, 2018, 12:24pm

I use elk 6.4
How can I solve the problem ? ( The problem is missing value ??)

jbudz · September 13, 2018, 2:50pm

Can you verify that 'Missing' is coming from Kibana and not the elasticsearch document? What's your workflow used to ingest these documents?

I believe Kibana will use a hyphen if the field is empty.

Ufkun_Karaman · September 14, 2018, 6:43am

My system => (syslog (5000 port udp) => logstash => elasticsearch => kibana )
I parse message on logstash.
if ı want to send 300 characters log , I can see kibana's discovery or kibana's dev tool
but if ı look this info on kibana's visualize , ı can not see ( ı see "missing") (???)

jbudz · September 14, 2018, 2:49pm

My apologies, I had to do some research. The "Missing" text is roughly saying we have a sub bucket that is empty. I'm guessing this is related to the number of terms aggregations we're doing, it's splitting the data up several times.

Can you add some info about how you want this data table to look? If it's a document level view creating this from discover instead of visualize may be what we're looking for

jonsmiteeww · September 14, 2018, 7:05pm

what version of Kibana are you on? what happens when you remove the offending visualization?

Ufkun_Karaman · September 18, 2018, 5:50am

My table like - syslog_priority -timestamp -syslog_hostnames -syslog_program- syslog_process- syslog_massage_id- syslog_message

logstash parsing like that =>
match => [ "message","%{POSINT:syslog_priority} %{TIMESTAMP_ISO8601:syslog_time} %{SYSLOGPROG:syslog_program} %{SYSLOGHOST:syslog_hostname} %{NOTSPACE:syslog_process} %{NOTSPACE:syslog_massage_id} %{NOTSPACE:syslog_level} %{GREEDYDATA:syslog_message}" ]

Ufkun_Karaman · September 18, 2018, 8:53am

I use Kibana version -> 6.4.0 . And ı try Kibana -> 6.2.4 .I take same result.The problem is that the "missing" error. The aim is to solve the "missing" error .and show those lost data.(missing error seems if the characters numbers are 300 (if the characters numbers are 200 , data will seen) )

jbudz · September 21, 2018, 3:21am

Hi Ufkun, I think the best place for this is from discover and it should be able to achieve what you want. When you hover over a field on the left hand side of the page, you can add the column. Saving the search from discover will let you add this table to a dashboard.

Do you think this will work for you?

Ufkun_Karaman · October 5, 2018, 6:14am

Thank your answer.At the moment your answer is best answer but not solution.I will work here .Thanks for helping

system · November 2, 2018, 6:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.