Unable to access underlying indexed log messages from Kibana Heatmap using a Search filter


I have an older Kibana v5.6.4 running as a log aggregator, part of a custom ELK implementation. I have an indexed log database and I can Search my logs based on my criteria. I can visualize my messages using that same search filter. I get a nice heatmap showing severity of the log messages during my time interval. However, when I click on a single heatmap element, I am presented with another filter to accept and when I do, I get another heatmap which shows nothing meaningful. What I want to do is to be able to get to individual messages showing up in a heatmap element. Each element may have 1-1000 or something messages, but I don't see a way to select a heatmap element to get to the actual messages. A Search may have keywords such as hostname:my-linux message:critical. I want to display results of the second search based on a heatmap element I chose which is represented by a time interval and severity. X-axis is Date Histogram, Y-axis is hostname and Split Chart is Severity in my case.

Any help would be greatly appreciated.

I resolved this by including message.keyword in Split-Chart.
