So I followed what was answered in "How to retrieve unique count of a field using Kibana + Elastic Search", which helped out a lot. The terms panel was exactly what I needed, but I'm having a slight problem.
I'm trying to get the count of each occurrence of a string, but those strings can be anything from URLs to hashes to normal words.
My grok syntax had to be NOTSPACE as it was the only thing that worked consistently. Inside my semantic named "connection" I have some of the following, for example:
http://sso.randomtest.com
https://another.company.com/idp/test
idp:company:testing
helloworld
But when I go to add my Terms panel, I get counts for the following items:
http
sso.randomtest.com
https
idp
test
idp
company
testing
helloworld
Not sure if anyone has come across a solution to this before but any help would be greatly appreciated!
I am using Kibana 3, not 4
This is because Elasticsearch, being a text engine, has analyzed your data into little tokens.
Logstash tries to get around this by adding a "raw" version of the field, so you can refer to "myField.raw" to get the "not_analyzed" version.
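
A mapping that gives the question's `connection` field the `connection.raw` sub-field the answer refers to, as an added example that is not part of the original answer and not Logstash's own template. It assumes the Elasticsearch 1.x string mapping syntax of the Kibana 3 era and a `logstash-*` index pattern; the `ignore_above` value is illustrative.

```json
{
  "template": "logstash-*",
  "mappings": {
    "_default_": {
      "properties": {
        "connection": {
          "type": "string",
          "index": "analyzed",
          "fields": {
            "raw": {
              "type": "string",
              "index": "not_analyzed",
              "ignore_above": 256
            }
          }
        }
      }
    }
  }
}
```

Stored as an index template, this applies only to indices created afterwards, and values longer than `ignore_above` characters are left out of the `raw` sub-field. Pointing the terms panel at `connection.raw` then counts each whole string, such as `idp:company:testing`, as a single term.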