I am using winlogbeat to send Winds data to ES and also kibana later on for display. However, it seems that kibana cant display the message properly as shown.
This is what shown in discover page.
However, this is what actual visualization do. As seen, for event 326 and 327, the message field disappear
Is this a limitation of kibana?
This should not be a limitation — Kibana should be able to show you the string in the data table visualization.
I tried reproducing this using exactly the same multi-line string that you have above for event ID 326. I was able to see it in the data table visualization I created.
To help figure troubleshoot this further, would you mind trying something and posting the results in this topic? At the bottom of the data table visualization you should see a small ^ button. Click that to open the Kibana spy panel. In the spy panel you'll see buttons like Table, Request, etc. Could you click the Request button and paste its contents into this topic? Could you also do the same for the Response button? Thanks!
Hi @shaunak,
Thanks for helping. I have come across with some more serious problems when I tried to work that out. As you seen from the graph, I cannot generate any result based on any raw field.
But as seen from the discovery page, there are hits hitting the ES and Kibana can extract them.
How would this happen?
I have to admit - I'm pretty stumped on how what you are seeing could happen. On the visualization page where you see "no results found", can you try opening the spy panel (by clicking the little ^ button at the bottom) and copy/pasting the request and response? Maybe we'll notice something there...
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
