Some field is not showing in ML

Im testing in Kibana + ES 6.1

Im following guide in this blog https://www.elastic.co/blog/machine-learning-for-nginx-logs - Use Case 2: Changes in Website Behaviour

But i cant see field "nginx.access.response" .. and this field existed data

image.png1859×681 94.3 KB

image.png1876×794 70 KB

Can someone have suggestion?

What does the Index Pattern look like for nginx data? Go to Management -> Index Pattern and select the nginx Index Pattern. Does the field response_code exist. If not, try hitting the "Refresh field list" button in the top left.

Hi @Nathan_Reese , of course, response_code existed

image.png2013×1144 192 KB

image.png1015×656 44 KB

Hi,

You can't split a job by a numerical field due to the high cardinality of the field i.e. you could have billions of fields. Only text fields can be used to split data.

Is nginx.access.response also indexed as a keyword field? If so that should appear in the split data drop down list otherwise you will have to re-index the nginx data I'm afraid

The single and multi-metric job configuration UIs do indeed prevent users from selecting fields that are of type number as fields to "split by".

However, you can get around this by using the Advanced Job configuration - it has no such limitation:

image.png2592×1036 237 KB

Many thank @dkyle and @richcollier. I got it.