We are using the ELK stack in our lab.
We have created two new fields named “Certificate” (which contains certificate names) and “Days_Remaining” (which shows the number of days left until certificate expiry) using a GROK filter, and we are able to see them in the Kibana Discover tab as expected.
Now we want to put them in a tabular-format dashboard. Since we are very new to the ELK stack, we are starting with a simple dashboard by just saving this search and opening it in the Visualize tab. We are able to see the data as expected but in random format, so we need to sort this table in descending order by the field “Days_Remaining” (which shows the number of days left until certificate expiry).
Note: We have something called a “sort” query in Splunk, but we are not finding it in Kibana.
If we mouse over the column header of the field “Days_Remaining”, we get only the "Remove Column" and "Move Column to the right or left" options but no “Sort By” option. But we can see this "sort by" UI option popping up successfully for other fields which are created by default in Kibana, like @timestamp, event_id, beat_version, record number, _index, etc.
So our question is how to enable this "sort by" UI on the field “Days_Remaining”, which we created manually using a grok filter. Please advise.