hello, I try to create a graph but field is not available in the field section... I use winlogbeat (7.4) and I would like to count some specific event_id [image]

Kibana : field event_id not available in bucket (from winlogbeat)

dosant (Anton Dosov) April 20, 2020, 10:31am 2

Could it be that eventId field is not aggregatable?
To be able to make visualisations on it, you have to make sure it is aggregatable.

You could check that in Management -> Index Patterns section

If this is the case, here are useful threads on "how to make a field aggregatable":

Hope this is helpful.

Topic		Replies	Views
Some windows event ID message cant be displayed in kibana? Kibana	4	974	August 10, 2016
Unable to use sub-fields of event_data Beats winlogbeat	5	1720	August 2, 2017
Show fields by eventID Kibana	2	325	August 5, 2021
Field 'Logon ID' not available Kibana	4	367	April 22, 2019
How to make a field aggregatable in Kibana Kibana	13	45739	July 20, 2017