Im testing in Kibana + ES 6.1
Im following guide in this blog https://www.elastic.co/blog/machine-learning-for-nginx-logs - Use Case 2: Changes in Website Behaviour
But i cant see field "nginx.access.response" .. and this field existed data
Can someone have suggestion?
What does the Index Pattern look like for nginx data? Go to Management -> Index Pattern and select the nginx Index Pattern. Does the field response_code exist. If not, try hitting the "Refresh field list" button in the top left.
Hi,
You can't split a job by a numerical field due to the high cardinality of the field i.e. you could have billions of fields. Only text fields can be used to split data.
Is nginx.access.response also indexed as a keyword field? If so that should appear in the split data drop down list otherwise you will have to re-index the nginx data I'm afraid 
1 Like
The single and multi-metric job configuration UIs do indeed prevent users from selecting fields that are of type number as fields to "split by".
However, you can get around this by using the Advanced Job configuration - it has no such limitation:
1 Like
Many thank @dkyle and @richcollier. I got it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.