Visualise logs in data table using Terms Aggregation

Elastic Stack Kibana
1

Hello

I am working on logs collecting using Elastic Stack and I wanted to present logs in a data table. They should be grouped by "Call ID", which I have achieved using Buckets with Terms aggregation.
As you can see, each log consists of date, level , callId and message.

Screenshot 2020-02-04 at 14.28.51
Screenshot 2020-02-04 at 14.28.511792×774 107 KB

Now the problem is, that the data table displays ONLY ONE log. I know that I can add more of them by 'concatenate' operation, but that will still place them in one line like this:
message1, message2, message3,

instead of
message1
message2
message2

I need to have each log in a separate row. Is it possible to do?

Note. I know that I can use Discover to filter my logs by Call Id, but this is not the case here. I need to have logs GROUPED by call Id.

2

Why did you use the split table ? Use the split row instead, it will be better in your case.

3

Thanks for a hint. I did a double-bucket-split.
First one is the one that I presented.
Second one is split row with @timestamp in ascending order. It has solved the problem, now I have small tabels with most recent logs for each Call ID.
Thanks a lot, I'll mark it as a solution

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.