Reputation: 1882
Kibana visualization by full path
I'm trying to do a visualization (e.g. vertical bar chart) with the page requested being the x-axis. But if I create bucket type of an x-axis, setting the aggregate to Terms and "page", it splits the path by folder, file name, and extension.
For example, if the path was /images/icons/up.png, my visualization is creating a bar chart with bars for "images", "icons", "up", and "png". I want the chart to use the full path (/images/icons/up.png) for the bars.
These are from IIS logs and I don't want to include the querystring.
grok {
match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:serviceName} %{WORD:serverName} %{IP:serverIP} %{WORD:method} %{URIPATH:page} %{NOTSPACE:uriQuery} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clientIP} %{NOTSPACE:protocolVersion} %{NOTSPACE:userAgent} %{NOTSPACE:cookie} %{NOTSPACE:referer} %{NOTSPACE:requestHost} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:win32response} %{NUMBER:bytesSent} %{NUMBER:bytesReceived} %{NUMBER:timetaken}"]
}
Thanks!
Upvotes: 0
Views: 248
Answers (1)
Reputation: 1074
For this type of aggregations your string field should be defined as "not analyzed" in elasticsearch. otherwise elasticsearch automatically tokenizes your string field. In kibana when you use a terms aggregation on an analyzed field you get a warning, do you see that?
if that does not solve your problem, can you post your elasticsearch index mapping?
Upvotes: 1
Related Questions
- Index pattern is not visualize in kibana
- how to collect IIS log through logstash and display it on Kibana?
- Logstash use in kibana
- Grok configuration ELK
- Querying Kibana using grok pattern
- logstash output not showing up in kibana
- Understanding grok-pattern to configure LogStash for Advanced IIS log
- How to search on a URL exactly in ElasticSearch / Kibana
- Aggregating a list of http log paths in kibana
- Kibana multiple dashboards support