Set default column to display only a specific field under _source

Elastic Stack Kibana
1

Hi,

We are new to Kibana and the ELK stack, and are trying to mold the Kibana interface to our desired use case. One of the things we are trying to do it cleanup the "noise" that is displayed by default (all the information in the _source field) and only display one of these fields. In our case this is the message field in _source.

{
..
  "_source": {
...
    "message": "Log Message I care about",
...
  },
...
}

I am unable to find any real documentation on the proper syntax for this, and best I can find is that this should be possible.

Anyone know how to do this, or able to link me to a good resource?

Thanks

1 Like
2

When on the Discover tab, you can select a field of interest and click the "add" button. This will then begin limiting the results to the selected fields.

3

Is there a way to turn that on by default?

4

Looks like there is a defaultColumns advanced options which accomplish this.

5

Well thats what I was looking at when I asked this question. I'm trying to figure out the correct syntax for the default columns.

6

My apologies didn't realize you were referring to that setting. It's comma delimited

message,another_field

1 Like
7

Okay that doesn't seem to work. Maybe our mapping is wrong for it to be able to do that by default.

8

Can I get an output of your mapping?

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.