Visualize apache logs strange

Elastic Stack Kibana
1

i have succefully configured apache logs to elk servers,but when i use the visualize (Vertical bar chart mode) to show the apache request url , it shows like this_

kibana.png1745×767 41.8 KB
_
the correct result should like this
kibana2.png1873×372 31.1 KB

it seems when i use the query,it split the common url to lonely characters,

the query json
{
"size": 0,
"query": {
"filtered": {
"query": {
"query_string": {
"analyze_wildcard": true,
"query": "*"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1471321799018,
"lte": 1471325399018,
"format": "epoch_millis"
}
}
}
],
"must_not":
}
}
}
},
"aggs": {
"3": {
"terms": {
"field": "RequestUrl",
"size": 20,
"order": {
"_count": "desc"
}
}
}
}
}

hope to get a reply.....

2

You are using an analysed field in your aggregation, which is indicated by the yellow warning message in the visualisation builder. You will need to change the mapping for the field to not_analyzed in order to aggregate on complete URLs.

3

does it support online mapping

4

I do not understand what you mean. Best way is to define an index template with the correct mapping. You will need to reindex the data though as it is not possible to change mapping for an existing field.

5

new question,there is a option host,some logstash agent get the empty values,only one get the real values,I define an index template to slove the not_analyzed,
what metod does the "host" use ? read the logstash agent hostname or some config?