Hi,
I have three fields:
beat.hostname
customer
site
I'd like to have it so that kibana visualization groups by hostname, but the display on the legend is customer+"."+site
How can I do this?
Sorry, there isn't really a way to do this in Kibana.
In 6.1, there will be a new feature in Timelion that makes it aware of scripted fields. Assuming your data is a time series, and Timelion is suitable to visualize your data, you could make a scripted field that's a concatenation of these 2 fields, and then make a split on the scripted field. Then you can customize the label based on the groups in the split.
Here's the PR going into 6.1 that provides the new feature: https://github.com/elastic/kibana/pull/14700
Are you sure? Why is there a scripted field under split series panel?
I was actually able to do it! Using scripted_fields, added one called Friendly Name
doc["site"].value+' '+doc["beat.hostname"].value String
Note it may take time for cluster to finish creating it for all the documents, at least it took ours a few minutes
Ah, so you updated all your documents with a new field using a script? That's going to be the most performant way to handle it at search time.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.