Top X most used words in field

toldiwaw · December 26, 2018, 7:55pm

Hi,
I wonder if there is a possibility to split field for unique words and count them for top hits?
My example is "message-subject" field.

Data table is fine form me (Visualize)

What I'm looking for (Result):
outgoing - 5
kibana - 4
tld - 4
visualize - 3
timeout - 2
filebeat - 1
... - ...

I would like to analyze logs from MTA, Exchange and maybe mailbox (imap input in logstash) in future...

Marius_Dragomir · December 27, 2018, 10:34am

The field you're trying to do the split is not analysed, hence the .keyword part of it so it's treated a complete string. You need to use the message-subject field which should be the one analyzed.

toldiwaw · December 27, 2018, 10:58am

Thanks. I'm not able to pick message-subject. Only .keyword
message-subject_03 message-subject_04

toldiwaw · January 3, 2019, 8:04pm

Should I enable/update filed message-subject to fielddata?

system · January 31, 2019, 8:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
.keyword field not working & how can i split sentence? Kibana	3	832	August 27, 2018
Counting Terms In Text Field Kibana	3	27	August 6, 2024
Visualizing Terms In A Field Kibana	4	348	February 7, 2020
Unique count on field, not on field.keyword Kibana	3	2741	October 21, 2019
How to make Kibana Terms panel to count complete string frequencies, rather than separate words frequencies? Elasticsearch	4	2181	July 6, 2017

Top X most used words in field

Related topics