Hi, im new to this ELK and i hope that the community can guide men on solving this. OK so the data i got is from the xml file input on logstash then transferred to the elasticsearch, in kibana i do the manual index pattern just typing "index-pattern-*" and then click on next step.
The data when i hover on the screen shows accurate count.
Anyone can help me?
Hi @wdaburu, I have found that the more information I provide about document mapping, the better help I get. it sounds like you have a risk_score field in each document. However, you're trying to create a single "Metric" number? I'm not sure a Metric visualization does multiple aggregations.... it's just a single number, right? You're trying to create a Metric visualization?
Yes, just a single number for the risk_score with the value of 0 1 3 and then count the occurence of it. This is from the previous question that i asked before at Parsing nessus XML in Logstash
Did you compare the 'Time Picker' in Visualize v/s Discover? May be you have a lower time window selected in Visualize (say Last 15 Minutes) and higher one in Discover (say Last 1 hour)
Yup i did select the maximum time 5 years at the upper right corner each time the data come in from logstash and still the same.
@wdaburu What is the index pattern name for your data set, is it:"index-pattern-" or "nessus-data-" ? I see that you have chosen the index pattern: "nessus-data-*" in the Table Visualization.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
