Kibana - How to display log as table

Question

I'm testing Kibana 4 for a project.

I have created an index from my database table which is composed by 3 fields:

Date
User
Action

I would like to display my index as a simple table (3 column, N rows) in my dashboard.

I tried to use "Data table" visualization but I can't find a way to display my results without any Metrics (Count, Sum etc...)

Maybe is pretty simple and I missed something... is there a way to do this?

Regards,

score 173 · Accepted Answer · edited Aug 16 '21 at 06:51

173

On the Discover tab, create a view that has just the fields you want and then save that as a search.

On the Dashboard tab, click on Edit then hit the + Create new button to add a widget, but if you look at the top, there's a Searches tab. Select that and add your saved search in.

edited Aug 16 '21 at 06:51

Techie

8,594
1
13
7

answered Apr 16 '15 at 15:50

Alcanzar

16,985
6
42
59

8

Thank you very much. Took me way too long. – spezifanta Sep 01 '15 at 20:11
Useful for me too! Thanks. – TheMightyLlama Apr 08 '16 at 13:25
7

Thanks, exactly I was looking for. Imho it was very counterintuitive to find for me. – darkless May 03 '16 at 16:23
2

Is there any way to down download the raw data which is displayed as table? – Rama Vadakattu Jan 25 '17 at 07:24
@RamaVadakattu there isn't currently a way to do it within Kibana. – Alcanzar Jan 25 '17 at 14:55
2

WOW, I have been looking for this for ages. It's a pitty that I can't change the name of the columns. – Carlos Vega Feb 22 '17 at 10:11
@Alcanzar But it is very limited. We can only manage 100 saved searches in it. But, we would like to have more than 500 nodes of log has to be captured. Any best way to handle this scenario. – ArunRaj Feb 05 '18 at 06:04
Thank you! Worked perfectly! – CORPORATEWAGESLAVE Aug 20 '18 at 11:54
Thank.. god.. Now Kibana actually useful! – Duane Sep 03 '18 at 02:45
Much more praise to you Zar! – gmolaire Oct 26 '19 at 03:47

score 21 · Answer 2 · answered Nov 16 '19 at 23:01

21

[Elastic 7.x / 2019 Update]

I was a bit confused when I read @Alcanzar's answer so I am sharing a little more noob-friendly step-by-step how-to here :

STEP 1 : Create the Index Pattern

STEP 2 : Go to the Dashboard view, and create a view on your index
Select each column you want to include/add in your view by clicking "add" on it (The confusing part is that until you do that, you will have a "scrambled" view listing everything in a jumbled way.)

STEP 3 : Go to the Dashboard view, and create a view on your index

The trick is to select the specific columns you want to include... and voila !
Don't forget to save your view, this will help a lot in the process.

answered Nov 16 '19 at 23:01

Mehdi LAMRANI

11,289
14
88
130

2

The One-Million dollar question, how to change the column name??? – Francisco Souza Feb 03 '20 at 17:33
@FranciscoSouza you would need to update the mapping and probably also reindex your date for that. No easy way around this. You cannot just alter a column name like that in ES. There are a few workarounds if you dig the subject – Mehdi LAMRANI May 19 '20 at 14:41
How can we apply the conversions(bytes to MB or GB) at data table Columns in kibana? – BSG Jan 21 '22 at 13:23

score 21 · Answer 3 · answered Jun 11 '20 at 22:07

In Kibana 7.5.0 you can do it as follows:

Go to Discover section
Select fields you are interested in
Click on Save to save your discover search so you can use it in visualizations and dashboards
Click on Dashboard and create a new dashboard
Click on Add and select the panel
There is no step 6

score 0 · Answer 4 · answered Nov 27 '19 at 15:59

The accepted solution has its pros (if, for simplicity, you see your index as a table, this is the only way to deal with rows naturally) but also cons (it allows the user to see too much information, by expanding the records that appear in the table; users cannot get an export of the values).

So if you plan to build tables to use in reports seen by users which should not see everthing and may want to get exports of the data, I recommend a different (hacky) approach using Table visualizations:

Say you have three columns A, B and C:

If there are no duplicates considering the combined values of A and B, you can use these two vales as aggregation fields, and then set a Max or Top hit Metric for C.
If even A, B and C have duplicates, then you can use the three of them as aggregation fields and add a Metric count, that will give you the number of repeated rows. This solution makes somehow sense, because instead of repeating the same row 'n' times you just tells you should have repeated 'n' times that row.
If A and B have duplicates but A, B and C are unique, then there is, afaik, no elegant solution. You have to use the three of them as aggregation fields, but then you would have a dummy metric at the end (e.g. count, always equal to 1).

Why? why do we have to go through all of this? that is another question...

Why ? Well, Kibana is not *really* and end-user tool. If you need fine-grain access management to filter what end-users can see you would need to isolate ELK through a web front-end that is accessible to them where you serve only what you want them to see, the way you want them to see it — Mehdi LAMRANI, May 19 '20 at 14:45
@MehdiLAMRANI Yes, you are right. But it took us a while to acknowledge that, and I think Elastic's marketing is a bit ambiguous with regards to that specific use-case... What at the end of the day just leads to frustration. And it is a pity, because I don't think Kibana is that far away to being an end-user tool, and that is what the market is asking for, imho. — HerrIvan, Jun 03 '20 at 13:45

Kibana - How to display log as table

4 Answers4

Linked

Related