Lots of empty fields in expanded document view

opoplawski · July 30, 2020, 7:22pm

This behavior seems fairly new with a recent kibana or other update - when looking at the expanded document for an item in the discover list I see lots of empty fields.

Apparently these are “date_time” fields that kibana adds to the “docvalue_fields” parameter to queries:

"docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "aws.cloudtrail.user_identity.session_context.creation_date",
      "format": "date_time"
    },
    {
      "field": "azure.auditlogs.properties.activity_datetime",
      "format": "date_time"
    },

There is some discussion of this here: Kibana using docvalue_fields for no apparent reason

But I’m not sure why these fields are being displayed in the results.

Michiel_Van_Der_Lee · July 30, 2020, 7:49pm

This has been marked as a bug: https://github.com/elastic/kibana/issues/68672

system · August 27, 2020, 7:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana using docvalue_fields for no apparent reason Kibana	5	970	July 7, 2020
Hide unused fields in Kibana Discover Kibana	4	1724	August 17, 2020
About Kibana UI Kibana	3	225	September 20, 2023
Kibana discover does not appear to list empty documents Kibana	6	1221	December 7, 2017
"fields" key show date-type fields in JSON view Kibana	3	516	June 2, 2020

Lots of empty fields in expanded document view

Related topics