Variables showing up in the discover tab not showing up in Visualize

kchao · July 15, 2019, 2:44pm

I've modified logstash.conf so that it will parse the message from IIS logs and I am seeing results in the discover tab but unfortunately, it is not showing up in visualize. I am pretty sure this is because I have not modified fields.yml. Is there a way to get the variables parsed from grok to show in the visualize tab by editing fields.yml from Filebeat?

My fields.yml is unmodified from the elastic default from filebeat 7.2.0
My logstash.conf file is simple and only has a grok filter

Badger · July 15, 2019, 8:33pm

That looks like either a filebeat of Kibana question, not a logstash question.

kchao · July 16, 2019, 3:21pm

I'm not completely sure but my filebeat data has to go through Logstash and is parsed by Logstash.conf so I put it under Logstash. I will edit to add tags though, thank you!

Topic		Replies	Views
Kibana Visualize log data as defined in module in filebeat Kibana	5	1880	August 18, 2017
Index are not displaying in visualize section while are appears in discover Kibana	2	303	August 24, 2018
Visualizing fields extracted from logs Kibana	4	1741	July 6, 2017
Unable to see all fields in Kibana Kibana	3	934	March 12, 2018
I have loaded some logs onto Kibana through logstash but not able to visualize it. Please help Kibana	7	355	August 26, 2020

Variables showing up in the discover tab not showing up in Visualize

Related topics