Visualize "unkown" data fields

sbeee · February 6, 2018, 4:21pm

hi guys,

i've installed the syslog_pri plugin to display syslog facility & severity. i also added a field for translation of severity numbers into strings like critical, warning etc.. this field is called "severity".

this all works as expected and will show up in kibana/discover.

now i want to visualize the count of severity labels (how many criticals, warnings etc. for a given time period).

my problem is...i can't visualize these new data fields because they fail to appear in the list of "terms" or "significant terms".

the reason for that could be the "unknown" data field type status!??! how can i change that?

thomasneirynck · February 7, 2018, 7:56pm

hi @sbeee,

Not 100% sure what's going on, also not too familiar with logstash.

But this seems more like a logstash issue (?). All fields should be mapped with a known data-type.

What is the mapping of that index? It should show something like "type": "keyword" before it can be used in aggregations.

sbeee · February 8, 2018, 9:08am

I've found the "issue". The trick is to refresh the index pattern manually via Management > Kibana > Index Patterns > "Refresh field list"

The new data fields are now tagged as string etc. and can be used in the visualization module.

system · March 8, 2018, 9:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Expected fields not available in kibana visualation Kibana	5	3900	September 13, 2018
Visualizing fields extracted from logs Kibana	4	1714	July 6, 2017
Confused about how to use .raw fields and not analyze string fields Kibana	37	51284	July 6, 2017
Field issue Kibana	8	287	May 21, 2018
Cann't Visualize certain term in kibana data table Kibana	2	1395	February 17, 2017

Visualize "unkown" data fields

Related topics