Hi Team,
I created columns for my log file and i can see that in Discover but while preparing/visualizing bar chart i can't see "Company" as a field in X-Asix drop down list.
How can we see custom fields in the Dropdown list (X-Asix=>Aggregation=>Field)
*Company is a column/field name and it's available in discover _source
Regards...
This is what a row looks like, i guess even after logstash filter "Column", entire row inserted as message?
{
"_index": "filebeat-2016.03.28",
"_type": "mylog",
"_id": "AVO_kIjNryvsg4OSa45X",
"_score": null,
"_source": {
"message": "192.0.1.112|"Company-2"|SEA|[25/Mar/2016:13:00:01 -0700]|"GET Request***"|400|9578|"-"|"Mozilla"|userid-2|count",
"@version": "1",
"@timestamp": "2016-03-28T23:30:30.987Z",
"beat": {
"hostname": "a.b.c.dl",
"name": "a.b.c.d"
},
"count": 1,
"fields": null,
"input_type": "log",
"offset": 224,
"source": "/data/custom/test.log.4",
"tags": [
"testlog-tag",
"testlog-usrlog",
"beats_input_codec_plain_applied"
],
"type": "mylog",
"host": "a.b.c.d",
"IP": "192.0.1.112",
"Company": "Company-2",
"Unit": "SEA",
"Create-Date": "[25/Mar/2016:13:00:01 -0700]",
"Request-URL": "GET Request***",
"Response-Code": "400",
"Zip": 9578,
"line": "-",
"Browser": "Mozilla",
"User": "userid-2",
"Count": "count"
},
"fields": {
"@timestamp": [
1459207830987
]
},
"highlight": {
"source": [
"@kibana-highlighted-field@/data/custom/test.log.4@/kibana-highlighted-field@"
]
},
"sort": [
1459207830987
]
}
Regards...
What type of aggregation are you trying to do? Is the Company field indexed in Elasticsearch? Can you provide the mappings for this index or screenshots?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.