Values of type: VALUE_NULL

ebosdev · October 12, 2021, 12:42pm

Hello everyone,

I am trying to visualize a timelion and this is the query i am using:
.es(index=investigation_master_index,timefield=uco-observable:sentTime.@value,split=uco-observable:messageText.keyword:1000)

the messageText has data inside as well as the sentTime and i just want to visualize their correllation. What does VALUE_NULL mean, does it mean that the uco-observable:messageText.keyword doesnt exist? or that it is empty? I have looked everywhere for this and found nothing unfortunately. Maybe the solution is something simple, that I cannot think right now.

Thank you!

timelionError

bhavyarm · October 25, 2021, 2:44pm

@Stratoula_Kalafateli can we please get some help here? Thank you!

Stratoula_Kalafateli · October 26, 2021, 8:24am

Hey @ebosdev, which version of kibana do you use?
The problem here I think is the : in the field names. This was fixed in 7.13. Here is the PR [Timelion] Fixes bug with escape colons in field names in the metric/split parameter by Dmitriynj · Pull Request #96770 · elastic/kibana · GitHub that made this fix.

ebosdev · October 27, 2021, 12:12pm

Thank you for your replies. The we are using is 7.9.3.

system · November 24, 2021, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.