Values of type: VALUE_NULL

ebosdev · October 12, 2021, 12:42pm

Hello everyone,

I am trying to visualize a timelion and this is the query i am using:
.es(index=investigation_master_index,timefield=uco-observable:sentTime.@value,split=uco-observable:messageText.keyword:1000)

the messageText has data inside as well as the sentTime and i just want to visualize their correllation. What does VALUE_NULL mean, does it mean that the uco-observable:messageText.keyword doesnt exist? or that it is empty? I have looked everywhere for this and found nothing unfortunately. Maybe the solution is something simple, that I cannot think right now.

Thank you!

timelionError

bhavyarm · October 25, 2021, 2:44pm

@Stratoula_Kalafateli can we please get some help here? Thank you!

Stratoula_Kalafateli · October 26, 2021, 8:24am

Hey @ebosdev, which version of kibana do you use?
The problem here I think is the : in the field names. This was fixed in 7.13. Here is the PR [Timelion] Fixes bug with escape colons in field names in the metric/split parameter by Dmitriynj · Pull Request #96770 · elastic/kibana · GitHub that made this fix.

ebosdev · October 27, 2021, 12:12pm

Thank you for your replies. The we are using is 7.9.3.

system · November 24, 2021, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Blank Timelion Kibana timelion	2	501	November 22, 2021
Timelion null Kibana timelion	4	972	August 4, 2017
Handle line chart missing values Kibana	5	1618	January 6, 2020
Timelion sum not working but count does in metric field Kibana timelion	5	2807	September 14, 2018
Timelion error [illegal_argument_exception] field name is null or empty Kibana timelion	8	2776	November 10, 2018

Values of type: VALUE_NULL

Related Topics