Not able to sort data in Kibana UI

Hi Team,

I am not able to sort data in Kibana. Data in the Kibana UI is jumbled. Is there any way to sort data in the Kibana UI?

Hi
Could you provide some details on which part of Kibana the sorting doesn't work in? Is it Discover? Could you provide a screenshot?

Thx & Best,
Matthias


Hi @matw,

Sorry for the one-line query. We have sample data; it starts from number 1 and ends with number 100. Please refer to the screenshot below for reference.

The same data is pushed to Elasticsearch via Fluentd. In Fluentd there are no filters added, so Fluentd is just reading the data and forwarding it to Elasticsearch without modifying any data.
Once the data is indexed in Elasticsearch, the same has been visualized in Kibana. In the Kibana Discover screen the data is not sorted and, moreover, it is jumbled. Please refer to the screenshot below for reference.


Can you please help me to sort the data, and also, can we use any additional column to sort the data in the Kibana Discover section?

Have a look at the timestamp (@timestamp) in the Discover table; I assume it's the one from when the log arrives at e.g. Logstash/Elasticsearch. So the first thing you should check is assigning the date field in the index pattern (you have to create a new one for this); this should improve your result. Then, when it's sorted by the right date, you should sort by sl_no. Clicking the column header adds this field to the sorted-by fields; you have to click on the date column header to unsort it.

Best,
Matthias


Hi @matw,

Thanks for your reply. I have configured the date and created the index pattern, and after creating the index pattern the logs are not in order, since the timestamp is the same for many logs and it is not sorted. Please refer to the attached screenshot for reference.

The logs run from sl_no 1 to 1000 and the expectation is that they should be in descending order, i.e. from 1000 to 1. But in the Discover section they are jumbled, as per the screenshot.
Then I configured tie breaker fields to sort the logs; please refer to the screenshot below for reference.

But even after configuring tie breaker fields, the logs are jumbled in the Discover section. It looks like tie breaker fields are not considered in the Discover section. Please refer to the attached screenshot for reference.

Can you please help here?

Regards,
Varun S

Hi

The tie breaker field is only used for the Discover context view. Which version of Kibana are you using? When it's >= 7.4 you should be able to sort by multiple fields.

So you can click on another field to sort by; this should solve your problem.

Best,
Matthias


Hi @matw,

The Kibana version used here is 7.8.0. Please refer to the screenshot below for the tie breaker configuration.

After the tie breaker configuration, in the Discover section the logs which have the same timestamp are not getting sorted in descending order. The reason why I am stressing descending order is that the latest records should be displayed first in the Discover section in Kibana. But this is not happening and the data is getting sorted in ascending order. Please refer to the attached screenshot for reference.

Can you please confirm whether this is the behavior in the Discover screen after tie breaker configuration, and also please explain what the Discover context view is?

Hi @matw,

Regarding the statement "So you can click on another field to sort by, this should solve your problem": is it really mandatory to sort manually, even after configuring the same field in the tie breaker?

For example: I have already configured the sl_no field in the tie breaker, so do I need to use the same sl_no field to sort again in the Discover section?

Hi, sorry for the late reply

So the context view is accessed by using the 'View surrounding documents' link when you expand a document.


This is using the tie breaker, but it's not used in the main list.

Regarding your screen: you don't need another date column, since it contains the same info. You need to click on sl_no to sort by it, and then click on Time to de-sort by it.

Hi @matw,

Thanks for your reply.
The expectation is that adding a tie breaker should auto-sort the time-based index records based on the tie-breaker fields in descending order if the timestamp is the same.
But now, for the records which have the same timestamp, the records are sorted in ascending order based on the tie-breaker fields.

Please confirm whether our expectation is correct or whether it is required to sort manually even after setting the tie-breaker fields.

Regards,
Varun S

Hi
The tie breaker is currently just used in the context view that you can access via the "View surrounding documents" link. So manual sorting is required in your case.

Best,
Matthias

Hi @matw,

Thanks for your reply. How can we make it auto-sort based on the specified tie breaker field?
Because after configuring tie breaker fields, the expectation is that the data should be sorted based on the tie breaker fields without any manual intervention.

Regards,
Varun S

This is definitely something we should improve!
Thx for the feedback!

Hi @matw,

Can you please confirm whether, after configuring tie breaker fields, the data will be sorted based on the tie breaker fields without any manual intervention in the Discover screen, or whether the user has to sort it manually?

Note: The Kibana version used here is 7.8.0.

Regards,
Varun S

The tie breaker field is not used in the Discover main view; it's used when you use "View surrounding documents". So you have to sort manually.

Best,
Matthias
