Set default column to display only a specific field under _source

jriver · May 3, 2017, 6:35pm

Hi,

We are new to Kibana and the ELK stack, and are trying to mold the Kibana interface to our desired use case. One of the things we are trying to do it cleanup the "noise" that is displayed by default (all the information in the _source field) and only display one of these fields. In our case this is the message field in _source.

{
..
  "_source": {
...
    "message": "Log Message I care about",
...
  },
...
}

I am unable to find any real documentation on the proper syntax for this, and best I can find is that this should be possible.

Anyone know how to do this, or able to link me to a good resource?

Thanks

tylersmalley · May 3, 2017, 6:52pm

When on the Discover tab, you can select a field of interest and click the "add" button. This will then begin limiting the results to the selected fields.

jriver · May 3, 2017, 6:54pm

Is there a way to turn that on by default?

tylersmalley · May 3, 2017, 6:59pm

Looks like there is a defaultColumns advanced options which accomplish this.

jriver · May 3, 2017, 7:01pm

Well thats what I was looking at when I asked this question. I'm trying to figure out the correct syntax for the default columns.

tylersmalley · May 3, 2017, 7:03pm

My apologies didn't realize you were referring to that setting. It's comma delimited

message,another_field

jriver · May 3, 2017, 7:06pm

Okay that doesn't seem to work. Maybe our mapping is wrong for it to be able to do that by default.

tylersmalley · May 3, 2017, 7:07pm

Can I get an output of your mapping?

system · May 31, 2017, 7:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.