Kibana splitting up hostname as multiple fields in graphs

ujjain · March 1, 2018, 10:25am

I have a field called beat.hostname in my Metricbeat-index. Unfortunately the kibana dashboards show a seperate line in the graph for the domain name and subdomain part of beat.hostname.

There are no entries in the Metricbeat-index with nl.rs as beat.hostname and beat.hostname is always eublaf001.nl.rs

These are the beat.hostname fields:

This is the beat.hostname mappings:

"beat": {
    "properties": {
        "hostname": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "name": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "version": {
            "ignore_above": 1024,
            "type": "keyword"
        }
    }
},

As you see, in graphs it's splitting up the hostname in eublaf001.nl.rs in a seperate eublaf001 and nl.rs.

jbudz · March 1, 2018, 7:57pm

Can you double check the mapping for earlier metricbeat indices? I'm wondering if beat.hostname on an older timestamp wasn't using the beats template yet.

The results are behaving as if it's a text/string analyzed field. If this is the case, on the Kibana side after resolving this you'll have to click the refresh button on the index patterns page to update Kibana's version of the mapping.

system · March 29, 2018, 7:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dashes in hostname splits Vertical bar chart? Kibana	3	935	July 6, 2017
Hostname split in Kibana Beats metricbeat	1	395	January 30, 2020
Creating Dashboard according to beat.name or hostname? Kibana	5	4233	May 24, 2018
Label/legend names are cut off or incomplete Kibana	9	2941	July 6, 2017
Setting host.hostname mapping to static Beats metricbeat	5	757	February 1, 2020

Kibana splitting up hostname as multiple fields in graphs

Related topics