I have two log files (to be simple): one with **ID NAME**, another with **ID STATUS**. When I pull them into Elasticsearch, they get parsed with different timestamps, so I cannot use all those 3 fields inside a single visualization. Is there any way of achieving that? Thanks in advance :)
The time difference is in milliseconds. I will give a screenshot!
inst_id inst_name status
For the same inst_id I require the other two fields to be displayed in the same visualization. I tried "dataTables" but one value gets nullified.
In case the screenshot doesn't load:

**@timestamp inst_id inst_name status**

> September 8th 2017, 12:06:55.526 100 - ONLINE
> September 8th 2017, 12:06:55.558 100 ICICI -
> September 8th 2017, 12:06:55.559 101 IDBI -
> September 8th 2017, 12:06:55.527 101 - ONLINE

I don't know how to preserve spaces in this comment :(
Thanks for the help. This is the parsed info in Elasticsearch from two logs containing _**Inst_id inst_name**_ in one file and _**inst_id status**_ in one file:

| Time | inst_id | inst_name | status |
|---|---|---|---|
| September 8th 2017, 12:06:55.571 | 107 | CANARA | - |
| September 8th 2017, 12:06:55.584 | 107 | - | OFFLINE |
| September 8th 2017, 12:06:55.570 | 106 | IOB | - |
| September 8th 2017, 12:06:55.581 | 106 | - | ONLINE |
| September 8th 2017, 12:06:55.579 | 105 | - | ONLINE |
| September 8th 2017, 12:06:55.568 | 105 | KVB | - |
| September 8th 2017, 12:06:55.566 | 104 | AXIS | - |
| September 8th 2017, 12:06:55.576 | 104 | - | ONLINE |

I need to get inst_name and status into the same visualization with Inst_ID, but one of the fields gets nullified due to the timestamp.
EDIT: Found a workaround. Using the Elasticsearch filter plugin, we can query the stored info in Elasticsearch and add it as a new field to the current data.
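
The workaround from the EDIT above, sketched as a Logstash filter block for the pipeline that reads the "inst_id status" log. This is an added example, not configuration from the original post; the host `localhost:9200` and the index name `inst-names` are assumptions.

```logstash
# Added example (not from the original post).
# Assumptions: Elasticsearch listens on localhost:9200 and the events parsed
# from the "inst_id inst_name" log are stored in an index called "inst-names".
filter {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "inst-names"
    # Look up the stored document that has the same inst_id as this event.
    query => "inst_id:%{[inst_id]}"
    # Copy inst_name from the stored document into the current status event,
    # so inst_id, inst_name and status end up in one document.
    fields => { "inst_name" => "inst_name" }
    # Tag events whose lookup found nothing so they can be spotted in Kibana.
    tag_on_failure => ["_inst_name_lookup_failed"]
  }
}
```

The lookup only sees documents that are already indexed and searchable, so when the two logs are ingested milliseconds apart the name document may not be found yet; those events carry the failure tag instead of `inst_name`.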