Hi, I've a difficulty with Kibana. When I use the visualization screen to display my data, count aggregated on the y axis and terms aggregated on the x axis around a field, it pulls data based on the distinct values for that field. So say it pulls eight categories, and two of them are "Reconnaissance" and "Abuse" respectively. Now when I go into Timelion and input this query:
it pulls nothing. I have gone to a great deal of trouble to check the configuration, indexes and mapping but can find nothing to explain the disappearance of the data. This happens with more than one value. Is this a bug? Can anyone provide help in any form? Thanks in advance.
And for the second query, if the [0] part is trying to access the array index 0, that isn't supported. All of the values in the Category array are considered equal values of the Category field and order is not relevant. Try:
Hi. Thanks for your comment; however, I should have been a little more careful with my formatting, but the issue is not an issue with formatting the query. I grant that .es(index="myindex", timefield="mytimestamp", metric=count, q="MyFieldname:Abuse") is a functional format (there are others), but the point is that pulling the same field data in Kibana on the Visualization screen is inconsistent with pulling data on the Timelion screen.
The formatting issue you are referring to is simply because I had to give a fictional query and made some formatting errors. All the same, thank you for replying, but this is not solved.