elasticsearch


How can I combine data from different fields in a Kibana visualization?


I have a Kibana (Version: 5.1.1) instance all set up with the logs from a set of applications that all work together. Each of these applications represents a different component of a single system. We want to be able to visualize things like metrics and errors across all applications.
The problem we're having is that each application happens to have structured it's logs slightly differently. Some have fields like:
ErrorMessage:<content>
Where others have fields like :
Error.Message:<content>
and yet another may have:
Exception.Message:<content>
and so on. When we try to create the visualization, we select Terms for the Aggregation, and then are presented with a drop-down list of Fields to pick from. All of the fields that we are interested in are on the list. How can I combine these fields? That is, instead of putting:
Exception.Message as my Field, I want to put something logically equivalent to
Exception.Message AND Error.Message AND ErrorMessage
rather than having to create 3 seperate visualizations for the 3 seperate apps. How can I accomplish this?

Related Links

How to combine aggregations in ElasticSearch/Kibana?
ElasticSerach cluster performance
Nxlog unable to send eventlog after certain time
Sort elasticsearch search hits by document count
Elastic search date range max, min date
Elastic search river mongodb _meta returning action not found error
Seeing many open Elasticsearch connections even after using singleton pattern
What would be a good approach for sending logs from multiple servers a centralized logging server?
does elasticsearch support queries of queries?
Data modelling with elastic search
match or term query on a long property for exact match?
Updating filtered documents in elasticsearch
Testing ElasticSearch custom analyzers
timestamp issue in elasticsearch
Elasticsearch NEST client singleton usage
Elasticsearch: suggest users based on likes

Categories

HOME
plesk
applescript
redmine
enums
transactions
antd
consul
tfs2015
haxe
native-base
jpa-criteria
azure-logic-apps
buffer
ex
amazon-elb
rest-assured
amazon-mws
pst
batch-rename
substring
ava
environment
unordered-multimap
network-analysis
gravity-forms-plugin
ninject
javax.persistence
jsonresult
cmis
jfxtras
google-now
spring-restcontroller
vungle-ads
fluid-mac-app-engine
notesview
asihttprequest
bit-shift
uiautomatorviewer
sigsegv
punctuation
stateless-session-bean
dblink
deviare
xcode6.4
s-function
ndk-build
ftp-client
dojo-build
simian
frame-grab
exists
phpquery
360-degrees
google-gdk
alwayson
ocmockito
prism-4
camus
encryption-symmetric
ildasm
multivariate-testing
otl
webaii
windows-taskbar
code39
compiler-flags
2d-vector
trialware
servercontrol
photo-management
ognl
webresponse
dip
mongrel2
suphp
formal-semantics
tessellation
activestate
isapi-redirect
community-server

Resources

Encrypt Message