Kibana splitting up hostname as multiple fields in graphs

ujjain · March 1, 2018, 10:25am

I have a field called beat.hostname in my Metricbeat-index. Unfortunately the kibana dashboards show a seperate line in the graph for the domain name and subdomain part of beat.hostname.

There are no entries in the Metricbeat-index with nl.rs as beat.hostname and beat.hostname is always eublaf001.nl.rs

These are the beat.hostname fields:

This is the beat.hostname mappings:

"beat": {
    "properties": {
        "hostname": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "name": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "version": {
            "ignore_above": 1024,
            "type": "keyword"
        }
    }
},

As you see, in graphs it's splitting up the hostname in eublaf001.nl.rs in a seperate eublaf001 and nl.rs.

jbudz · March 1, 2018, 7:57pm

Can you double check the mapping for earlier metricbeat indices? I'm wondering if beat.hostname on an older timestamp wasn't using the beats template yet.

The results are behaving as if it's a text/string analyzed field. If this is the case, on the Kibana side after resolving this you'll have to click the refresh button on the index patterns page to update Kibana's version of the mapping.

system · March 29, 2018, 7:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.