Visualise logs in data table using Terms Aggregation

MPiorunn · February 4, 2020, 1:41pm

Hello

I am working on logs collecting using Elastic Stack and I wanted to present logs in a data table. They should be grouped by "Call ID", which I have achieved using Buckets with Terms aggregation.
As you can see, each log consists of date, level , callId and message.

Now the problem is, that the data table displays ONLY ONE log. I know that I can add more of them by 'concatenate' operation, but that will still place them in one line like this:
message1, message2, message3,

instead of
message1
message2
message2

I need to have each log in a separate row. Is it possible to do?

Note. I know that I can use Discover to filter my logs by Call Id, but this is not the case here. I need to have logs GROUPED by call Id.

pchakour · February 4, 2020, 3:19pm

Why did you use the split table ? Use the split row instead, it will be better in your case.

MPiorunn · February 5, 2020, 7:57am

Thanks for a hint. I did a double-bucket-split.
First one is the one that I presented.
Second one is split row with @timestamp in ascending order. It has solved the problem, now I have small tabels with most recent logs for each Call ID.
Thanks a lot, I'll mark it as a solution

system · March 4, 2020, 7:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Visualizing log files in table Kibana	8	2041	May 9, 2019
Kibana data table Split row on String with pipe seperator Kibana	2	1929	September 25, 2019
Not able to create a data table using Split rows bucket type Kibana	2	1864	September 12, 2017
In data table visualization i have 5 columns but in one column, only one data is coming Logstash	5	267	August 15, 2023
Collapse rows in data table Kibana	3	1905	July 6, 2017

Visualise logs in data table using Terms Aggregation

Related topics