Reputation: 31
How to enable sort on a field in kibana?
In logstash I am parsing out the microseconds from my apache logs, how do I sort on this field in kibana?
Here is my filter for logs :
if [type] == "apachelogs" {
grok {
break_on_match => false
match => { "message" => "\[%{HTTPDATE:apachetime}\]%{SPACE}%{NOTSPACE:verb}%{SPACE}/%{NOTSPACE:ApacheRequested}" }
match=> { "message" => "\*\*%{NUMBER:seconds}/%{NUMBER:microseconds}" }
add_tag => "%{apachetime}"
add_tag => "%{verb}"
add_tag => "%{ApacheRequested}"
add_tag => "%{seconds}"
add_tag => "%{microseconds}"
}
}
Upvotes: 1
Views: 7609
Answers (2)
Reputation: 4110
As long as Logstash is parsing the field you want to sort on, which it is, then it has no impact on your ability to sort in Kibana.
To sort in Kibana, in the discovery view, add the field microseconds (or any field you want to sort on). Then you can sort on that field, using the arrow near the field name.
Upvotes: 2
Reputation: 4089
Why not sort on the field? Thanks to your grok pattern your event now has a microseconds field with the value in it.
You can sort via simple if and else if checks. Logstash Docs on Conditionals
if [microseconds] <= 30000000 {
# filter
}
else if [microseconds] <= 60000000 {
# filter
}
else {
# filter
}
EDIT: This answer has no bearing on the Question, since OP was actually asking about sorting in Kibana, this is about sorting in Logstash
Upvotes: 0
Related Questions
- How to sort on a text field with elastic search
- ElasticSearch sort order for multiple fields
- Sort logs by timestamp in Kibana
- How to sort fields with elasticsearch 7
- Elasticsearch Sorting fields anomaly
- ElasticSearch sort by value
- How to sort by field in elasticsearch?
- Sorting on several fields in Elasticsearch
- Elasticsearch sort field
- How to I make a field sortable in ElasticSearch?