I use elk 6.4
How can I solve the problem ? ( The problem is missing value ??)
Can you verify that 'Missing' is coming from Kibana and not the elasticsearch document? What's your workflow used to ingest these documents?
I believe Kibana will use a hyphen if the field is empty.
My apologies, I had to do some research. The "Missing" text is roughly saying we have a sub bucket that is empty. I'm guessing this is related to the number of terms aggregations we're doing, it's splitting the data up several times.
Can you add some info about how you want this data table to look? If it's a document level view creating this from discover instead of visualize may be what we're looking for
what version of Kibana are you on? what happens when you remove the offending visualization?
My table like - syslog_priority -timestamp -syslog_hostnames -syslog_program- syslog_process- syslog_massage_id- syslog_message
logstash parsing like that =>
match => [ "message","%{POSINT:syslog_priority} %{TIMESTAMP_ISO8601:syslog_time} %{SYSLOGPROG:syslog_program} %{SYSLOGHOST:syslog_hostname} %{NOTSPACE:syslog_process} %{NOTSPACE:syslog_massage_id} %{NOTSPACE:syslog_level} %{GREEDYDATA:syslog_message}" ]
I use Kibana version -> 6.4.0 . And ı try Kibana -> 6.2.4 .I take same result.The problem is that the "missing" error. The aim is to solve the "missing" error .and show those lost data.(missing error seems if the characters numbers are 300 (if the characters numbers are 200 , data will seen) )
Hi Ufkun, I think the best place for this is from discover and it should be able to achieve what you want. When you hover over a field on the left hand side of the page, you can add the column. Saving the search from discover will let you add this table to a dashboard.
Do you think this will work for you?
Thank your answer.At the moment your answer is best answer but not solution.I will work here .Thanks for helping