Kibana sort and remove time fiell

Hi Guys..
After lot of struggle finally we are able to extract the fields from raw event logs and we are getting the events as per our requirement in Kibana Discover tab. We have 2 fields that is “Certificate” (which contains certificate names) and “Days_Remaining”(which shows the number of days left for certificate expiry) . Now we want them to put in a tabular format dashboard, hence we are very new to this ELK we are starting with a simple dashboard by just saving this search and open it in Visualize tab. We are able to see the data as expected but we need these modifications done on that.

1. We need to sort this table in descending order as per the field “Days_Remaining” as the table is in random format.
   Note : We have something called “sort” query in splunk but we are not finding it in Kibana
2. We need to rename the “Time” field to something else or we want to rename it.

Can some one please help on this..

kib.PNG1538×923 69 KB

Mouse over the column header to show the sort UI. Click the caret to sort by a field

You could re-index your data and change the field name that way, or use a scripted field to create a new row with the desired name

There is an open issue for Ability to set a custom field name in Discovery and Saved Searches.

Hi Nathan,
Thanks, but we get only "Remove Column" and "Move Column to the right or left" options while mouse over the column header of these fields (These fields are created by me using Grok filter in logstash.json file), but we can see this option "sort by" UI popping out successfully for other fields which are created by default in kibana like @timestamp, event_id, beat_version, record number, _index etc... So now the question is how to enable this "sort by" UI on fields which are created by us using grok filter. Please advise.

kib1313×656 37.9 KB