kibana-4

Related to: Combine logs and query in ELK We are setting up ELK and would want to create a visualization in Kibana 4. The issue here is that we want to relate between two different types of message. To simplify: Message type 1 fields: message_type, common_id_number, byte_count, ... Message type 2 fields: message_type, common_id_number, hostname, ... Both messages share the same index in elasticsearch. As you can see we were trying to graph without taking that common_id_number into account, but it seems that we must use it. We don't know how yet, though. Any help? EDIT These are the relevant

Is it possible to automate the configuration of an index pattern in kibana? Either via some settings file or perhaps a rest api. After installation it's possible to do it manually. Kibana 5.x exposes such an API to manage index patterns. To create index pattern one can issue below command to kibana access url (just edit the kibana endpoint, index-name and timestamp variables to match your needs): curl <kibana-endpoint>/es_admin/.kibana/index-pattern/<index-name>/_create\ -H "Content-Type: application/json"\ -H "Accept: application/json, text/plain, */*"\ -H "kbn-xsrf: <index-name>"\ --data

I have a behavior in Kibana, I can't explain. The following is a simple bar chart, counting unique users, filtered by application and a role, and ensuring certain fields exist on the logs: This graph shows that I have approx. 170 users which have the role 'Landmand'. If I split the bar by the term 'fields.Role', I would expect a identical chart, since I already applied a filter specifying 'fields.Role:Landmand' in the search. However I see this. This suddenly limits the unique count to approx. 150 users. I've tried with different fields and it seems to have the same behavior - as soon as I

I have Kibana 4.0.1 running on top of elasticsearch 1.4.4. It was very smooth and virtually had no setup time. Suddenly I have run into a problem. If I add a new field in my elasticsearch index, it's not visible in fields section. I can still query on that field in discover section. But, I can't make a graph based on the new field as it's not visible in fields list. Kibana apparently fetches _mapping at the time of setup and stores it in elasticsearch index named .kibana . Once done, it never changes that. Deleting this index should load fresh _mapping from elasticsearch. But I don't want to

I want to create a dashboard which shows information about a limited set of request values : request:("/path1" OR "/path2" OR "/path3") What I've tried so far: I can add filters to the dashboard by clicking on a part of a pie chart, but all these filters are applied as AND filters and not OR. This way of working also requires actual data for all possible request values. Which is not always the case in a test environment. in Discover I created a saved search but I don't know how I can apply this to my Dashboard so it gets part of the dashboard definition. Is their a way to do this using the

My environment CentOS 6.6 elasticsearch-2.0.0-rc1.rpm kibana-4.1.2-linux-x64 [root@node2 files]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 24 Policy from config file: targeted I am new to ELK stack. I have installed Elasticsearch and did not change any settings. It seems to me there is no issue with Elastic search. http://localhost:9200 Outputs { "name" : "Danielle Moonstar", "cluster_name" : "elasticsearch", "version" : { "number" : "2.0.0-rc1", "build_hash" : "4757962b01a4d837af282f90df9e1fbdb68b524e",

I'm facing a following problem. In Kibana 4 I've created a line chart based on my input from elasticeasrch but I can only display average, min, max instead of an actual value of the field per time, e.g. sent bytes. Most answears to that question on stackoverflow are about Kibana 3 ( How to create value over time chart with Kibana 3? ) and seem to include a Histogram on a X axis, yet I can't seem to find one which will enable me to apply them to Kibana 4. I was unable to find the histogram panel and once I click on the discover tab there is the constant Searching loading. If I have the