We've got ELK set up. Logfiles are collected and pushed to Elasticsearch. We're using Kibana 4 to visualize the logs. There is the WARN 'level' shown. Within the Elasticsearch index there are many more, other 'level's. These are not shown. For other fields in the index, the multiple values available are shown, except for 'level'. Is this a bug, or is there something wrong in the default configuration?
I am not entirely sure what you tried and how you ended up not getting the level in Kibana, because you've mentioned:
"Then we're using Kibana 4 to visualize the logs. But there is the WARN 'level' shown."
This does not make clear the kind/type of (out-of-the-box) visualization (graph, chart, data table, etc.) being used and the aggregation(s) implemented.
Also, when
"Within the Elasticsearch index there are many more, other 'level's. These are not shown."
I'd assume it is implemented/configured correctly at the Logstash end (the grok filter, and the pattern if you're using one).
I did something similar (parse and visualize Tomcat logs) and dealt with the same 'level' issue. I discovered that in Kibana, while using a (sub)aggregation in a visualization, when you choose Significant Terms -> fieldname, it might neglect a value that is less compared to the other values of the field. E.g. if the occurrence frequency of WARN >>> ERROR in the level field for a given timeframe, Kibana will show WARN irrespective of the size you put in. That is what it is meant for - showing significant terms.
To overcome this, use Terms -> Field -> fieldname. Set Order to Top/Bottom and, importantly, Size to 0.
You'll see every value of the field irrespective of its occurrence frequency. Hope this helps.
PS: Choosing Bottom gets you slight relief from the default green color in Kibana visualizations.
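An added example (not from the original post, and not Elasticsearch's own code) that models the two aggregations from the answer in Python over constructed 'level' counts. It assumes the default JLH significance heuristic and that buckets scoring 0 are dropped; the counts and function names are made up for illustration.

```python
from collections import Counter

# Constructed sample data: 'level' counts for the whole index (background)
# and for the time window selected in the dashboard (foreground).
BACKGROUND = Counter({"INFO": 9000, "WARN": 600, "ERROR": 350, "DEBUG": 50})
FOREGROUND = Counter({"INFO": 880, "WARN": 95, "ERROR": 22, "DEBUG": 3})


def terms_agg(fg, size=0, order="desc"):
    """Terms aggregation: buckets ordered by doc count.

    size=0 means "all buckets", the convention the answer relies on.
    """
    buckets = sorted(fg.items(), key=lambda kv: kv[1], reverse=(order == "desc"))
    return buckets if size == 0 else buckets[:size]


def jlh_score(fg_count, fg_total, bg_count, bg_total):
    """JLH heuristic (assumed default): absolute change * relative change."""
    fg_share = fg_count / fg_total
    bg_share = bg_count / bg_total
    change = fg_share - bg_share
    if change <= 0:
        return 0.0  # not over-represented in the window: not "significant"
    return change * (fg_share / bg_share)


def significant_terms_agg(fg, bg, size=10):
    """Significant terms: only values over-represented versus the background."""
    fg_total, bg_total = sum(fg.values()), sum(bg.values())
    scored = [(term, jlh_score(n, fg_total, bg[term], bg_total))
              for term, n in fg.items()]
    kept = [bucket for bucket in scored if bucket[1] > 0]
    kept.sort(key=lambda kv: kv[1], reverse=True)
    return kept[:size]


if __name__ == "__main__":
    # Raising size does not bring back ERROR, INFO or DEBUG here.
    print("significant terms:", significant_terms_agg(FOREGROUND, BACKGROUND, size=50))
    print("terms, size 0:    ", terms_agg(FOREGROUND, size=0))
```

For a dashboard used to watch for errors, this is why a plain Terms aggregation is the safer choice for a field like 'level': a value can be present in the window and still be left out of a Significant Terms result.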