Hi.
I'm trying to add the 'message' field to a 'Data Table' in Kibana but i can't see the field.
In the built-in dashboard from Postgresql filebeat i can see the field without problem:
But when i try to build a new dashboard, in Lens, using the same Index, the field is not listed:
I even tried searching, but no results.
Am i doing something wrong?
Thanks.
message is a full text field, so it can't be aggregated. The existing visualizations that you see are doing one of two things:
_source for only a few documents. This is most often used to show the "most recent" value of a full text field.Thanks @wylie
Now i could do what i wanted using the "Discover":
Just another question:
In "Discover" can i show only the distinct values from 'message' and add another column with the 'unique count' of those values? This is what i was trying to achive using the dashboard.
Thanks.
That would be possible if you could aggregate the message, but aggregations on full text fields are disabled by default with strong warnings against enabling it. Usually we would recommend extracting any meaningful values into a separate field that is aggregated. It is also possible to create a multi-mapped field for use with aggregation, and that might also suit your use case. More information in the docs: https://www.elastic.co/guide/en/elasticsearch/reference/current/text.html
Ok thanks for your help!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
