Values of type: VALUE_NULL

ebosdev · October 12, 2021, 12:42pm

Hello everyone,

I am trying to visualize a timelion and this is the query i am using:
.es(index=investigation_master_index,timefield=uco-observable:sentTime.@value,split=uco-observable:messageText.keyword:1000)

the messageText has data inside as well as the sentTime and i just want to visualize their correllation. What does VALUE_NULL mean, does it mean that the uco-observable:messageText.keyword doesnt exist? or that it is empty? I have looked everywhere for this and found nothing unfortunately. Maybe the solution is something simple, that I cannot think right now.

Thank you!

timelionError

bhavyarm · October 25, 2021, 2:44pm

@Stratoula_Kalafateli can we please get some help here? Thank you!

Stratoula_Kalafateli · October 26, 2021, 8:24am

Hey @ebosdev, which version of kibana do you use?
The problem here I think is the : in the field names. This was fixed in 7.13. Here is the PR [Timelion] Fixes bug with escape colons in field names in the metric/split parameter by Dmitriynj · Pull Request #96770 · elastic/kibana · GitHub that made this fix.

ebosdev · October 27, 2021, 12:12pm

Thank you for your replies. The we are using is 7.9.3.

Topic		Replies	Views
Blank Timelion Kibana timelion	2	538	November 22, 2021
Null metric not showing any value Kibana	2	523	July 1, 2019
Timelion null Kibana timelion	4	1020	August 4, 2017
Kibana Timelion: how to query a specific value expression with space Kibana timelion	6	3956	June 7, 2018
KQL to filter for documents where a field exists and its value is less than a fixed number? Kibana kql-kibana-query-language	21	25516	March 5, 2021

Values of type: VALUE_NULL

Related topics