Sunburst pulls the wrong data for one index #3
Comments
|
Can you attach a screen capture, of the chart and the configuration?
Thanks!
2017-01-15 8:03 GMT-03:00 maggiedeblock <notifications@github.com>:
… Good evening,
I'm having an issue with the Sunburst plugin displaying the wrong
information for one particular index (sent over from ntopng). Whenever I
use the IPV4 SRC / DST addresses as a ring on this diagram, it shows the
"key" instead of the actual IP address. However, in the table you pull up
from the bottom of the diagram, it shows the correct information in the
column. This is the only visualization that has this issue with my ntopng
output. See below for the actual request / response:
*Request:*
{ "size": 0, "query": { "filtered": { "query": { "query_string": {
"analyze_wildcard": true, "query": "*" } }, "filter": { "bool": { "must": [
{ "range": { ***@***.***": { "gte": 1484391657358, "lte": 1484478057358,
"format": "epoch_millis" } } } ], "must_not": [] } } } }, "aggs": { "2": {
"terms": { "field": "IPV4_DST_ADDR", "size": 5, "order": { "_count": "desc"
} } } } }
*Response:*
{ "took": 4, "timed_out": false, "_shards": { "total": 5, "successful": 5,
"failed": 0 }, "hits": { "total": 16576, "max_score": 0, "hits": [] },
"aggregations": { "2": { "doc_count_error_upper_bound": 78,
"sum_other_doc_count": 7296, "buckets": [ { "key": 3232236306,
"key_as_string": "192.168.3.18", "doc_count": 3569 }, { "key": 4026531834,
"key_as_string": "239.255.255.250", "doc_count": 2264 }, { "key":
3232236543, "key_as_string": "192.168.3.255", "doc_count": 2101 }, { "key":
3232236289, "key_as_string": "192.168.3.1", "doc_count": 542 }, { "key":
3232236380, "key_as_string": "192.168.3.92", "doc_count": 278 } ] } } }
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#3>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/AOi0OwjrTY2AMlEqnxu4CLcYSRTkcAZ0ks5rSf0agaJpZM4Lj4y_>
.
--
Juan Ignacio Carniglia
|
|
Here is the chart itself with the configuration off to the left: |
|
It is not showing the "key", it is showing the Integer representation of
the IP address.
(Check it out here, in this online conversor:
http://www.ipaddressguide.com/ip )
You have some issue with your IP Address field formatter. Just guessing. Or
the visualization is doing a conversion to INT?
2017-01-16 17:20 GMT-03:00 maggiedeblock <notifications@github.com>:
… Here is the chart itself with the configuration off to the left:
[image: sunburst_chart]
<https://cloud.githubusercontent.com/assets/25132251/21997777/0b09ab0e-dbff-11e6-9835-0f930e8afb42.png>
Here is the table showing the correct values:
[image: sunburst_table]
<https://cloud.githubusercontent.com/assets/25132251/21997803/285b6f4e-dbff-11e6-9e80-197522202188.png>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#3 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AOi0O5Q2BCjnJqovnwUW_a4a-nJPi_AKks5rS9DygaJpZM4Lj4y_>
.
--
Juan Ignacio Carniglia
|
|
It appears to be doing a conversion to INT at some point, going off the results of that calculator. Would that be on the end of the visualization, ES or the ntopng software? |
|
I'm not sure if it's on the visualization end or my end. It displays properly in all other Visualizations, just not Sunburst. The only other time I've had an issue is with the Elastic Graph plugin not liking the same field. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Good evening,
I'm having an issue with the Sunburst plugin displaying the wrong information for one particular index (sent over from ntopng). Whenever I use the IPV4 SRC / DST addresses as a ring on this diagram, it shows the "key" instead of the actual IP address. However, in the table you pull up from the bottom of the diagram, it shows the correct information in the column. This is the only visualization that has this issue with my ntopng output. See below for the actual request / response:
Request:
Response:
The text was updated successfully, but these errors were encountered: