Getting past alert execution data - elasticsearch

The opendistro alert history is stored in the .opendistro-alerting-alert-history-<date> index
Is it possible to get the alert query data/execution result from a past Completed alert?
I’m not able to find the data
Thanks in advance

Yes, all COMPLETED alerts are saved in the .opendistro-alerting-alert-history-<date> index as you mentioned (reference).
Try adding an index pattern and make sure to include system indices: .opendistro-alerting-alert-history-*
You can always view them in Elasticsearch by using this query: http://my-awseome-es:9200/_cat/indices?expand_wildcards=open,hidden
As the index name starts with a period (.), it is hidden, just like UNIX hidden files/folders.
I have made a Grafana dashboard to visualize the alert data: 12875
Please have a look; it can provide a reference for Kibana.
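An added example (not code from the thread or from Open Distro) that puts the answer into practice: it builds the `_cat/indices` URL with `expand_wildcards=open,hidden` so the dot-prefixed history indices are actually listed, filters the listing down to `.opendistro-alerting-alert-history-*`, and builds a search body for COMPLETED alerts. The alert document fields used here (`state`, `monitor_name`, `trigger_name`, `start_time`, `end_time`, `error_message`) are assumptions to check against a real history document, and the two responses are constructed so the script runs offline.

```python
"""Locate the hidden alert-history indices and pull COMPLETED alerts from them.

Added example for this thread, not code from the thread or from Open Distro.
Assumptions: the index naming from the page (.opendistro-alerting-alert-history-<date>),
the standard _cat/indices JSON columns "index" and "status", and alert documents
carrying "state" (value COMPLETED) plus "monitor_name", "trigger_name",
"start_time", "end_time" and "error_message" (assumed field names; check them
against a real history document). No HTTP call is made: constructed _cat and
_search responses stand in for the cluster so the code runs offline.
"""
import json

HISTORY_PREFIX = ".opendistro-alerting-alert-history-"


def cat_indices_url(base_url):
    """_cat/indices URL restricted to the history indices. The dot-prefixed
    (hidden) indices are only expanded when expand_wildcards includes 'hidden',
    which is why they seem to be missing from a plain /_cat/indices listing."""
    return (f"{base_url.rstrip('/')}/_cat/indices/{HISTORY_PREFIX}*"
            "?format=json&expand_wildcards=open,hidden")


def history_indices(cat_rows):
    """Keep only open alert-history indices, newest date suffix first."""
    names = [row["index"] for row in cat_rows
             if row["index"].startswith(HISTORY_PREFIX) and row.get("status") == "open"]
    return sorted(names, reverse=True)


def completed_alerts_query(monitor_name=None, size=50):
    """Search body for COMPLETED alerts, most recently ended first; the
    monitor_name filter is optional. POST it to <history-index>/_search."""
    must = [{"term": {"state": "COMPLETED"}}]
    if monitor_name:
        must.append({"match": {"monitor_name": monitor_name}})
    return {"size": size,
            "sort": [{"end_time": {"order": "desc"}}],
            "query": {"bool": {"must": must}}}


def summarize_alerts(search_response):
    """Flatten the hits into one row per alert with the execution-result fields."""
    rows = []
    for hit in search_response["hits"]["hits"]:
        src = hit["_source"]
        rows.append({
            "index": hit["_index"],
            "id": hit["_id"],
            "monitor": src.get("monitor_name"),
            "trigger": src.get("trigger_name"),
            "start_time": src.get("start_time"),
            "end_time": src.get("end_time"),
            "error": src.get("error_message"),
        })
    return rows


# Constructed sample responses (not captured from a real cluster).
SAMPLE_CAT = json.loads("""[
  {"health": "green", "status": "open",  "index": ".opendistro-alerting-alert-history-2021.03.01-1", "docs.count": "12"},
  {"health": "green", "status": "open",  "index": ".opendistro-alerting-alert-history-2021.03.02-1", "docs.count": "7"},
  {"health": "green", "status": "open",  "index": "logstash-2021.03.02", "docs.count": "1000"},
  {"health": "green", "status": "close", "index": ".opendistro-alerting-alert-history-2021.02.01-1", "docs.count": null}
]""")

SAMPLE_SEARCH = {"hits": {"hits": [
    {"_index": ".opendistro-alerting-alert-history-2021.03.02-1", "_id": "alert-1",
     "_source": {"state": "COMPLETED", "monitor_name": "disk-usage", "trigger_name": "over-90pct",
                 "start_time": 1614643200000, "end_time": 1614646800000, "error_message": None}},
    {"_index": ".opendistro-alerting-alert-history-2021.03.02-1", "_id": "alert-2",
     "_source": {"state": "COMPLETED", "monitor_name": "disk-usage", "trigger_name": "over-90pct",
                 "start_time": 1614556800000, "end_time": 1614560400000,
                 "error_message": "query failed (constructed example text)"}},
]}}

if __name__ == "__main__":
    print(cat_indices_url("http://my-awseome-es:9200"))
    print(history_indices(SAMPLE_CAT))
    print(json.dumps(completed_alerts_query("disk-usage"), indent=2))
    for row in summarize_alerts(SAMPLE_SEARCH):
        print(row)
```

Closed indices are dropped by `history_indices` because a search against them fails; if you keep history longer than the plugin's rollover window, reopen the index first or query the open ones only.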

Related

How can I remove only the data from an Elasticsearch index, not the complete index?

I have one ELK index available, and using it I am showing a visual dashboard.
My requirement is that I need to empty or remove the data only, not the index itself. How can I achieve this? I googled a lot. I am getting solutions to remove the index, but I need only to remove the data so the index will remain there.
I want to achieve this dynamically using the command prompt.
You can simply delete all the data in the index if there's not too much of it:
POST my-index/_delete_by_query?q=*&wait_for_completion=false

How can I see a list of my ElasticSearch indices in Kibana?

I am starting to use ES and Kibana, so apologies in advance if this question doesn't make sense!
I'd like to be able to see in Kibana a list of my current indices, similar to what you get with:
curl 'localhost:9200/_cat/indices?v'
I was expecting to be able to see in Kibana functionality partly like a DB client where you can connect to a DB server and see all the databases, then drill down in each of them to see tables and content. I'd love to have that kind of workflow in Kibana.
The closest I can find is in Management -> Index Pattern, but it'll display a list of all fields, which is too much information and I can't see any column in the table that points to which index each field belongs.
As I said I'm just starting so it might be I'm not looking in the right place!
I don't think we have any option to see the hierarchy like you see in a traditional DB application.
If you are looking for something in Kibana which can give you information similar to curl 'localhost:9200/_cat/indices?v', then you can go to "Monitoring -> Indices", which will list all the indices with their stats (document count, data size, index rate etc).
If you don't have X-Pack installed then you have to use the "Discover" tab, where you can see the list of all the indices from the drop-down, as well as the _type and all the available fields in the index.

Visualization & Dashboard return no results found, while discover tab successfully displays results?

I have a problem with Kibana: Dashboard and visualizations don't show any results!
As you can see in this screenshot, in the Discover tab I get some results! Which means data exists in my index "as-*", right? But I used a trick in order to display this data:
1) I changed the range to "Today" ==> it shows "no result found"!
2) I clicked the "New" button ==> then I get my data displayed!
Is there another, "more proper" way to get data displayed?
Then in my dashboard (or visualization) I can't get any results!! Even if the range is the same as in the Discover tab!
I restarted Kibana ==> no changes!
I deleted as-* then I created it ==> no changes!
I'm using Curator to create daily indices and Logstash to index the data into ES!
I'm stuck here! I'll be glad if you can help me figure it out!
Thank you very much!
I am fairly new to elasticsearch and Kibana, but here are three mistakes that I made in the past:
Are you using the correct index? Make sure that the index you have chosen for the logs that are displayed on the visualise page and for the actual visualisations is the same.
Correct timeperiod: does the time period you have chosen contain the data you are looking for? Or did you happen to have zero logs during that time?
Correct filters and aggregations: when you were making the visualisations, did they show any results? Or were they empty from the beginning? Maybe one of your filters or aggregations is wrong and it's excluding the results you're expecting to see.
Not sure if this is any help, hope you've solved the problem by now :)
If you can see information in "discover", it means that kibana has connected to the database, and that the database has information. You shouldn't have to click the "New" button to see information in the discover view. I believe the "New" button in the "discover" page is used to create a new search.
Maybe try zooming on the time period of the data on the "discover" page, or
try checking the systems logs to see if logstash is successfully pushing information to Elasticsearch.
With Kibana, dashboards are made up of visualisations, and visualisations are made up of searches.
The "No results found" on the dashboard page, shown in your second screenshot, is due to the visualisation having no results. I guess you imported visualisations into Kibana.
I hope that helps.

Similar profiles retrieval from Elasticsearch?

Let's say we have 1 million documents indexed in Elasticsearch with name, id, skills, etc., like a resume form.
If I search for kartheek in the search box it will retrieve some results, right? And I found kartheek's resume and I clicked and viewed the resume.
Once I view the resume I need to view similar profiles based on the viewed resume.
Is it possible in Elasticsearch?
1. I learned about the More Like This Query, but we need to give an input parameter, i.e. 'LIKE'.
2. I have seen this link
http://www.datasciencecentral.com/profiles/blogs/document-similarity-analysis-using-elasticsearch-and-python
Can anyone please give me ideas regarding the above mentioned request.
Thanks
Kartheek Gummaluri
To go from 1.x to 2.x you need to do what is known as a full cluster restart upgrade; you won't lose data in this case. Here are the relevant steps laid out well in the docs:
Elastic Search Upgrade Docs

Query a single entry from ELK's Elasticsearch via HTTP

I'm trying to build some kind of monitor for my ELK stack. I want to know when/if my ELK is down. This will be just a simple solution. I was tasked with integrating an on/off signal within a bigger, global monitoring tool.
So I want to query my ELK's Elasticsearch for the latest entry that matches one particular field value. My ELK data contains a field for each access.log row that states which server was the origin. So there is always, say, server_node.raw=Tomcat1 or Tomcat2 or ...
I do get a result from my index but this seems like metadata to me. http://10.170.121.148:9100/logstash-2015.11.10/?pretty
Is there a way to query ES for the latest entry that matches server_node.raw=Tomcat1 using a simple HTTP request?
Using server_node.raw in Kibana works perfectly fine.
Anyone with an idea? I'd appreciate it.
Thanks in advance and regards. Sebastian
Yes, you are on the right path; you can simply query your logstash index with a URI search and &q=server_node.raw:... like this:
curl -XGET 'http://10.170.121.148:9100/logstash-2015.11.10/_search?q=server_node.raw:Tomcat1&pretty'
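The URI search above returns matching documents in score order, so the "latest entry" the question asks for still needs a sort. The following added example (not the thread's own code) builds the same URI search with `sort=@timestamp:desc&size=1`, escapes the value before it is placed in `q=` so a value containing Lucene syntax characters is matched literally instead of altering the query, and turns the newest hit into the on/off signal the asker wants. Host, index and field names are taken from the thread; `@timestamp` is the Logstash default and is assumed, and the response is constructed so the code runs offline.

```python
"""Up/down signal for one log source from a single Elasticsearch URI search.

Added example, not code from the thread. It extends the answer's URI search with
sort=@timestamp:desc&size=1 (standard URI-search parameters) so only the newest
document matching server_node.raw:Tomcat1 is returned, then reports the source
as "up" when that document is younger than a threshold. Host, index and field
names are the thread's; "@timestamp" is the Logstash default and is assumed
here. The value is escaped before it goes into q= so a value containing Lucene
syntax characters cannot change the query. No HTTP call is made: a constructed
response stands in for the cluster so the code runs offline.
"""
from datetime import datetime, timedelta
from urllib.parse import quote

# Characters with meaning in Lucene query-string syntax; each is escaped with a backslash.
LUCENE_RESERVED = set('+-=&|><!(){}[]^"~*?:\\/')


def lucene_escape(value):
    """Backslash-escape reserved characters so the value is matched literally."""
    return "".join("\\" + c if c in LUCENE_RESERVED else c for c in value)


def latest_hit_url(base_url, index, field, value):
    """URI search for the single newest document where field == value."""
    q = quote(f"{field}:{lucene_escape(value)}", safe=":")
    return f"{base_url.rstrip('/')}/{index}/_search?q={q}&sort=@timestamp:desc&size=1"


def _parse_ts(iso_ts):
    # datetime.fromisoformat on older Pythons does not accept a trailing 'Z'.
    return datetime.fromisoformat(iso_ts.replace("Z", "+00:00"))


def latest_timestamp(search_response):
    """Timestamp of the first (newest) hit, or None when nothing matched."""
    hits = search_response["hits"]["hits"]
    if not hits:
        return None
    return _parse_ts(hits[0]["_source"]["@timestamp"])


def source_is_up(search_response, max_age_seconds, now_iso):
    """True when the newest matching document is no older than max_age_seconds
    relative to now_iso. No hits reads as 'down', so a missing index or an
    empty result is never silently reported as healthy."""
    ts = latest_timestamp(search_response)
    if ts is None:
        return False
    return _parse_ts(now_iso) - ts <= timedelta(seconds=max_age_seconds)


# Constructed response (not captured from the cluster in the thread).
SAMPLE_RESPONSE = {"took": 3, "timed_out": False, "hits": {"total": 1234, "hits": [
    {"_index": "logstash-2015.11.10", "_type": "logs", "_id": "doc-1", "_score": None,
     "_source": {"@timestamp": "2015-11-10T14:02:11.000Z", "server_node": "Tomcat1",
                 "message": "GET /app/ HTTP/1.1 200 (constructed)"}}]}}

if __name__ == "__main__":
    print(latest_hit_url("http://10.170.121.148:9100", "logstash-2015.11.10",
                         "server_node.raw", "Tomcat1"))
    print("UP" if source_is_up(SAMPLE_RESPONSE, 300, "2015-11-10T14:05:00Z") else "DOWN")
```

Fetch the URL with curl or `urllib.request`, pass the parsed JSON to `source_is_up` together with the freshness window the monitoring tool expects, and emit the boolean as the on/off signal. Pick the window from the normal request rate of the origin server: a quiet Tomcat that logs nothing for ten minutes should not trip a sixty-second threshold.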
