Just to start, I'm new to Elastic/Kibana so this may be a basic question. I have everything setup with ELK and Filebeat, and I'm getting data into my filebeat index with just syslog data. I've created a pie chart for the top 30 syslog senders (bucket is significant_terms with a field of syslog_hostname.keyword with a count of 30). My filebeat data started a couple days ago after I set everything up and if I change the time to today, or yesterday..everything works fine and I get a nice pie chart and table of what I want. If I change the time to this week, or this year, i get "No results displayed because all values equal 0". I would have thought those would just pick up all data and display. Am I wrong? I'm just curious why this is happening.
Hmmm... I wouldn't expect to see this either. Could you provide screenshots of what you're seeing?
Also, next to the visualization itself there should be a button to click that shows you the data table corresponding to the visualization. Could you expand that and let us know if there's any data in the table itself? Thanks!
Just use a terms aggregation, not significant terms
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.