Menu
I want to create a dashboard which shows information about a limited set of request values :
request:("/path1" OR "/path2" OR "/path3")
What I've tried so far:
Is their a way to do this using the Dashboard editor or does it require some json scripting via Settings->Objects->Dashboards ? If so can you point me a good reference to this (escaped) syntax ?
In Kibana 3 you could define filters of type "either". Does this functionality exist in Kibana 4 ?
I'm using Kibana 4.0.2
913
Use the Logs app in Kibana to explore and filter your logs in real time. You can customize the output to focus on the data you want to see and to control how you see it. You can also view related application traces or uptime information where available.
A phrase is a group of words surrounded by double quotation marks, such as "test search" . To search for an exact string, you need to wrap the string in double quotation marks.
You can build your dashboard by adding visualizations. By default, Kibana dashboards use a light color theme. To use a dark color theme, click on the “Settings” button and check the “Use Dark Theme” box. To add a visualization to the dashboard, click the “Add Visualization” button in the toolbar panel.
I am not sure if this is an answer to your actual question, I'll write it anyway as someone may benefit and I found examples on the Kibana filter syntax to be elusive when googling.
I am trying to define a boolean filter instead of a boolean query in my Discover tab, to unclutter the search field and fascilitate further filtering on a limited set of values.
I found this link to the documentation where AND, OR, NOT filter syntax is described. After a bit of experimenting this was what worked for me, example:
I have a field named host containing the name of the server shipping the log entry. There are quite a few servers, each belonging to one of several redundancy groups. To filter only for log entries produced by the servers "SERVER06 OR SERVER07 OR SERVER08" which happen to belong to a distinct redundancy group B-Servers I can make an OR filter like so:
{
"bool": {
"should": [
{
"query": {
"match": {
"host": {
"query": "SERVER06",
"type": "phrase"
}
}
}
},
{
"query": {
"match": {
"host": {
"query": "SERVER07",
"type": "phrase"
}
}
}
},
{
"query": {
"match": {
"host": {
"query": "SERVER08",
"type": "phrase"
}
}
}
}
]
}
}
and save it as a search called B-Servers. Now I get a filtered list, where I can cherry pick a server with a further and more restrictive filter. Before I had all servers and the quick count only listed the five top entries, so I had to pick one and then edit the filter manually if my target wasn't in the list.
This should be useful for other string type fields too. The documentation should have included a couple of more examples I think, to set the context for the placement of the bool statement and not just a demonstration of the principle.
This link was also useful for demonstrating how to do booleans from the search field rather than as a filter.
[EDIT] An update for Kibana 5.2 as I could not get the previous syntax to work. The following did the trick with 5.2, I used this link to figure it out:
{
"query": {
"bool": {
"should": [
{
"match": {
"host": "SERVER06"
}
},
{
"match": {
"host": "SERVER07"
}
},
{
"match": {
"host": "SERVER08"
}
}
],
"minimum_should_match": 1
}
}
}
Kibana 4 is a total rewrite and apparently not all Kibana 3 features are yet implemented. I've found an "enhancement" ticket in the Kibana github: https://github.com/elastic/kibana/issues/3693
This closes my question for the moment.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
