I have data flowing via syslog > logstash > elastic, but I had a question regarding filtering or really field order when applying filters in kibana.
If I filter on cisco_hostname and add src_ip the result fields order match, however, once I add in geoip.ip it appears the field result order moves around. Is there an explanation to this?
All the data appears to be the same and matches correctly, its just the field order that bounces around.
Hm. I don't think there's a good explanation for that. It looks to me as if Kibana just displays the source fields in the order it receives them from Elasticsearch, and that ordering is opaque (probably varies based on various algorithms). I think there's an argument to be made that this is a flaw, and that Kibana should sort these, so they always display consistently.
You can open an issue here:
https://github.com/elastic/kibana/issues/new/choose
If you do, please be sure to note the version of Kibana you're using.
Best,
Chris
Thank you for the quick response. Its not a super big deal and I can attempt to upgrade to version 6.2.4 from 6.2.3 and see if that resolves the issues as well. Just thought it was unusual.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
