Visualizing fields extracted from logs

bishaka · March 23, 2016, 10:31pm

So I have logs successfully coming in from a remote server into elasticsearch through logstash agents and I am trying to visualize it on kibana.

In the discover tab I see the fields that I have extracted using grok filter --good
However, when i click on visualize tab Piechart -> new search -> split slices -> aggregation -> terms -> field -> ???

I do not the see the fields I have extracted to be able to visualize them.
This is the discover tab

this is the visualize tab

Please help! I am trying to visualize fields i have extracted..

Khalah_Jones_Golden · March 23, 2016, 10:42pm

The type for your fields hasn't been set correctly. when you look at the fields in discover you see they have '?' next to them which means that the type for those fields isn't set and couldn't be interpreted, or perhaps you have different value types for those fields spread throughout your index.

If you look into properly setting field types using logstash and grok that should give you guidance.

Peace,
Khalah

bishaka · March 23, 2016, 10:50pm

Hi, Thanks for your reply.
the log looks like this:
2016-03-22 00:4110|mayan|searchVendor|2509

below is the grok filter I applied

grok {
match => [ "message", "%{DATE:todaysdate} %{SECOND:seconds}%{NOTSPACE}%{WORD:Username}%{NOTSPACE}%{WORD:Vendorname}%{NOTSPACE}%{BASE16NUM:bytes}" ]
}

I'm not sure how it doesn't match the type?

bishaka · March 23, 2016, 11:40pm

I fixed the problem by refreshing the fields.
Steps:
Kibana.
Settings
Reload field list.

Topic		Replies	Views
Not able to create visualization Kibana	9	458	August 22, 2019
Expected fields not available in kibana visualation Kibana	5	3900	September 13, 2018
Creating a bar chart using fields Kibana	3	583	June 9, 2017
Kibana Visualization-New field Kibana	3	259	July 23, 2020
Index are not displaying in visualize section while are appears in discover Kibana	2	273	August 24, 2018

Visualizing fields extracted from logs

Related topics