Kibana - Visualization shows 0 results

spiri · August 31, 2020, 5:25pm

Hello,

I integrated my syslog-ng with Elasticsearch + Kibana and I want to show the count of denied and allowed connections in a pie.

So I created a new visualization for a pie, then splitted the slice twice and selecting a filter.

The first slice should filter the following entries:

SOURCE:router and MESSAGE:*DENY*

The second slice should filter this:

SOURCE:router and MESSAGE:*ALLOW*

The problem is, only the count for the first query is being displayed. No matter how I order things, just the first query entered in a freshly created visualization is being displayed.

On the Discover page I can find hundreds of entries for both queries.

How to debug this kind of problem?

aaron-nimocks · August 31, 2020, 5:42pm

Welcome to the community @spiri

added 7 test messages in an index. 3 are ALLOW, 3 are DENY, and 1 is neither.

The donut chart is split with 3 on each side. Is this what you are looking for?

spiri · August 31, 2020, 5:45pm

Oh yes, this is what I am looking for!

My error was I created two Buckets but with adding a filter to the first one is working for me.

Thank you aaron-nimocks

system · September 28, 2020, 5:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.