Kibana splitting up hostname as multiple fields in graphs

ujjain · March 1, 2018, 10:25am

I have a field called beat.hostname in my Metricbeat-index. Unfortunately the kibana dashboards show a seperate line in the graph for the domain name and subdomain part of beat.hostname.

There are no entries in the Metricbeat-index with nl.rs as beat.hostname and beat.hostname is always eublaf001.nl.rs

These are the beat.hostname fields:

This is the beat.hostname mappings:

"beat": {
    "properties": {
        "hostname": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "name": {
            "ignore_above": 1024,
            "type": "keyword"
        },
        "version": {
            "ignore_above": 1024,
            "type": "keyword"
        }
    }
},

As you see, in graphs it's splitting up the hostname in eublaf001.nl.rs in a seperate eublaf001 and nl.rs.

jbudz · March 1, 2018, 7:57pm

Can you double check the mapping for earlier metricbeat indices? I'm wondering if beat.hostname on an older timestamp wasn't using the beats template yet.

The results are behaving as if it's a text/string analyzed field. If this is the case, on the Kibana side after resolving this you'll have to click the refresh button on the index patterns page to update Kibana's version of the mapping.

system · March 29, 2018, 7:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana not able to filter beat.hostname after certain day Kibana	8	1507	June 4, 2018
Host metadata not parsing out correctly in ElasticSearch Kibana	4	449	September 17, 2018
Hostname split in Kibana Beats metricbeat	1	386	January 30, 2020
Setting up beat.hostname in Metricbeat Beats metricbeat	5	1268	October 1, 2020
Kibana Host Overview dashboard not showing all Metricbeats clients Beats metricbeat	3	1545	March 19, 2019

Kibana splitting up hostname as multiple fields in graphs

Related topics