Kibana filtering keyword count - filter

I am using Kibana 6.2.2 to visualize DNS traffic, and I want to filter out data with more than 4 answers, like this. However, I can't seem to filter the count of it. I tried using Terms count on the visualization tab, but I can't figure out how to group the answer section per query.

Related

Grafana filter on unindexed ElasticSearch field (zeros) so they aren't shown in Table Panel

We have a table that shows warning counts in our services, but we aren't interested in those that are zero.
Because the warning count is an un-indexed number (integer), we can't include it as a filter criterion. How can these be removed from our dashboard?
I am not familiar with Grafana, but ES has an "exists" query which might be what you are looking for. So, if you can integrate this in your dashboard (or find the Grafana functionality that uses it) it might help you. For your information (because Grafana might use this as well, as it is) you can use the "exists" query in the Lucene query DSL as _exists_. A practical example: _exists_:warning_count_field. More about this here
The same question seems to have been asked before in a more or less similar form: https://community.grafana.com/t/how-to-query-for-null-values/799/5 and the answer is the same as the one I posted above: the _exists_ filter/query.
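As an added example, not code from either post above: the two filters discussed (the "more than 4 DNS answers" filter and the `_exists_` filter for warning counts) written as Elasticsearch query DSL and checked against a few constructed documents, with no cluster needed. The field names `dns.answers`, `answer_count` and `warning_count`, and the index-time "count the answers" step, are assumptions of this example. It also shows the caveat that matters for the zero-warnings case: a document whose warning count is 0 still has the field, so `exists` keeps it; dropping zeros needs a range filter (`warning_count:>0`) on an indexed numeric field.

```python
"""Added example (not from the original posts): builds the Elasticsearch
query DSL for the two filters discussed above and checks their semantics
against constructed documents. Field names are assumptions."""
import json

# Constructed sample events: DNS logs with a variable-length answer list and
# service-health records with an integer warning counter (sometimes absent).
DOCS = [
    {"id": 1, "dns": {"question": "a.example", "answers": ["10.0.0.1"]}},
    {"id": 2, "dns": {"question": "b.example",
                      "answers": ["10.0.0.1", "10.0.0.2", "10.0.0.3",
                                  "10.0.0.4", "10.0.0.5"]}},
    {"id": 3, "dns": {"question": "c.example"}},            # no answers field
    {"id": 4, "service": "api", "warning_count": 0},        # zero, but present
    {"id": 5, "service": "web", "warning_count": 7},
    {"id": 6, "service": "db"},                             # field missing
    {"id": 7, "service": "cache", "warning_count": None},   # explicit null
]


def add_answer_count(doc):
    """Index-time enrichment (e.g. in Logstash or an ingest pipeline): store
    the number of DNS answers as an integer field. A mapped integer can then
    be filtered from the Kibana search bar as answer_count:>4."""
    answers = doc.get("dns", {}).get("answers")
    if answers is not None:
        doc["answer_count"] = len(answers)
    return doc


def more_than_n_answers_query(n):
    """Range filter over the precomputed integer field."""
    return {"query": {"bool": {"filter": [
        {"range": {"answer_count": {"gt": n}}}]}}}


def script_answers_query(n, field="dns.answers"):
    """Alternative without re-indexing: a Painless script query over doc
    values. Caveat: keyword doc values are a sorted set, so size() counts
    distinct answers (duplicates collapse) and a missing field gives 0."""
    return {"query": {"bool": {"filter": [{"script": {"script": {
        "lang": "painless", "source": f"doc['{field}'].size() > {n}"}}}]}}}


def exists_query(field):
    """What the search-bar form _exists_:field compiles to."""
    return {"query": {"exists": {"field": field}}}


def positive_range_query(field):
    """What is actually needed to hide zero counts."""
    return {"query": {"range": {field: {"gt": 0}}}}


# Reference semantics of the two query types, mirrored locally so the
# difference between "exists" and "greater than zero" is visible offline.
def matches_exists(doc, field):
    # Elasticsearch treats missing, null and empty-array values as absent.
    return doc.get(field) is not None


def matches_range(doc, field, gt):
    v = doc.get(field)
    return v is not None and v > gt


def ids(docs, pred):
    return [d["id"] for d in docs if pred(d)]


def demo():
    enriched = [add_answer_count(dict(d)) for d in DOCS]
    return {
        "many_answers": ids(enriched, lambda d: matches_range(d, "answer_count", 4)),
        "warning_exists": ids(DOCS, lambda d: matches_exists(d, "warning_count")),
        "warning_positive": ids(DOCS, lambda d: matches_range(d, "warning_count", 0)),
    }


if __name__ == "__main__":
    print(json.dumps(more_than_n_answers_query(4)))
    print(json.dumps(exists_query("warning_count")))
    print(demo())
```

Running it shows the point of the caveat: `exists` on `warning_count` matches both the zero and the non-zero record, while the range form keeps only the non-zero one. Whether a range query can be served from an un-indexed field depends on the field mapping and Elasticsearch version, so the robust route is to map the counter as an indexed integer.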

How can I see a list of my ElasticSearch indices in Kibana?

I am starting to use ES and Kibana, so apologies in advance if this question doesn't make sense!
I'd like to be able to see in Kibana a list of my current indices, similar to what you get with:
curl 'localhost:9200/_cat/indices?v'
I was expecting to be able to see in Kibana functionality partly like a DB client where you can connect to a DB server and see all the databases, then drill down in each of them to see tables and content. I'd love to have that kind of workflow in Kibana.
The closest I can find is in Management -> Index Pattern, but it'll display a list of all fields, which is too much information and I can't see any column in the table that points to which index each field belongs.
As I said I'm just starting so it might be I'm not looking in the right place!
I don't think we have any option to see the hierarchy like you see in traditional DB application.
If you are looking for something in Kibana which can give you information similar to curl 'localhost:9200/_cat/indices?v', then you can go to "Monitoring -> Indices", which will list out all the indices with their stats (document count, data size, index rate, etc.).
If you don't have X-Pack installed then you have to use the "Discover" tab, where you can see the list of all the indices from the drop-down, and also the _type and all the available fields in the index.

How to display values with decimal places in Grafana with elasticsearch datasource?

I am trying to visualize time series data stored in elastic search using grafana.
I have the legend setup to show 2 decimal places but it does not reflect in the UI.
The decimal places show up for other dashboard panels with a tsdb datasource. So this issue is specific to using grafana with elasticsearch. Is there any other configuration setup I am missing here which will help me achieve this?
Just found out that Elasticsearch does not allow displaying values without some sort of aggregation, and in my case aggregation is resulting in values getting rounded.
There was a related request which seemed to not get much traction in kibana.
https://github.com/elastic/kibana/issues/3572
In short, not feasible as of Elasticsearch [2.x].

How can I do scripted aggregation in Kibana + Elasticsearch?

Let's say I have a log of events of ad displays and ad clicks stored via Logstash in Elasticsearch and displayed in Kibana 4. I would like to calculate a simple metric like CTR (Click-Through-Rate) of the events, which is:
CTR = #clicks/#displays.
First of all, does anyone know if it's possible to do in Elasticsearch + Kibana? I don't see a possibility to do it in Kibana.
I was thinking about doing it in raw Elasticsearch by scripted aggregation. But I don't know how to define such in Kibana.
Any ideas on how to do it would be very welcome! Comments explaining that it's impossible to do it would be also valuable.
Kibana 4 includes support for Elasticsearch scripting. You can go to Settings > Indices (pick your pattern) > Scripted Fields and add a new scripted field that computes your CTR. Take a look at "Scripted Fields" on the Elastic blog for more info.
I had to do something similar for a customer, but couldn't manage to get it done using scripted fields, because I had to sum up all the values on each aggregation. I ended up developing a custom visualization (plugin). This was for Kibana 4.1 and 4.5.1.
Let me know if this is what you are looking for, or if you want to give it a go yourself I can give you some pointers.
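As an added example, not code from the question or the answers above: the raw-Elasticsearch route the asker mentions. A scripted field runs per document, so it cannot divide one aggregated count by another, but a `bucket_script` pipeline aggregation runs per bucket over the results of sibling aggregations, which is exactly what CTR = #clicks/#displays needs. The index fields (`event` as a keyword, `@timestamp`), the event values (`display`, `click`), and the `painless` script language with the `date_histogram` `interval` parameter (Elasticsearch 5.x/6.x form) are assumptions; the sample events are constructed, and the local reference function gives the numbers the aggregation should return on them.

```python
"""Added example, not from the original posts: per-hour CTR computed inside
Elasticsearch with a bucket_script pipeline aggregation. Field names, event
values and script language are assumptions."""
import json
from collections import defaultdict

# Constructed ad events; the last hour has clicks but no displays, which
# exercises the divide-by-zero guard in the script.
EVENTS = [
    {"@timestamp": "2024-01-01T10:05:00Z", "event": "display"},
    {"@timestamp": "2024-01-01T10:07:00Z", "event": "display"},
    {"@timestamp": "2024-01-01T10:09:00Z", "event": "click"},
    {"@timestamp": "2024-01-01T10:30:00Z", "event": "display"},
    {"@timestamp": "2024-01-01T11:01:00Z", "event": "display"},
    {"@timestamp": "2024-01-01T11:02:00Z", "event": "click"},
    {"@timestamp": "2024-01-01T11:40:00Z", "event": "click"},
    {"@timestamp": "2024-01-01T12:15:00Z", "event": "click"},
]


def ctr_aggregation(interval="1h"):
    """Search body: hourly buckets, one filter + value_count per event type,
    and a bucket_script that divides the two counts in every bucket. The
    ternary keeps buckets without displays from dividing by zero."""
    def count_of(kind):
        return {"filter": {"term": {"event": kind}},
                "aggs": {"n": {"value_count": {"field": "event"}}}}
    return {
        "size": 0,
        "aggs": {"per_hour": {
            "date_histogram": {"field": "@timestamp", "interval": interval},
            "aggs": {
                "clicks": count_of("click"),
                "displays": count_of("display"),
                "ctr": {"bucket_script": {
                    "buckets_path": {"clicks": "clicks>n",
                                     "displays": "displays>n"},
                    "script": {
                        "lang": "painless",
                        "source": "params.displays > 0 "
                                  "? params.clicks / params.displays : 0",
                    },
                }},
            },
        }},
    }


def ctr_reference(events):
    """The same computation done locally on the constructed events, so the
    expected per-hour values can be checked without a cluster."""
    clicks, displays = defaultdict(int), defaultdict(int)
    for e in events:
        hour = e["@timestamp"][:13]  # "YYYY-MM-DDTHH" is the bucket key here
        (clicks if e["event"] == "click" else displays)[hour] += 1
    return {h: (clicks[h] / displays[h] if displays[h] else 0.0)
            for h in sorted(set(clicks) | set(displays))}


if __name__ == "__main__":
    print(json.dumps(ctr_aggregation(), indent=2))
    print(ctr_reference(EVENTS))
```

Send the body from `ctr_aggregation()` to `<index>/_search`; each `per_hour` bucket then carries a `ctr` value alongside the raw counts. Kibana 4 cannot build this request from the visualization editor, which is why the answers above reach for scripted fields or a plugin, but the aggregation itself is plain Elasticsearch and works from curl or any client.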

does kibana support max in queries?

I am hoping to find some information on the syntax of Kibana queries. I want to be able to have a query that returns the max value of a field. Is this possible? I have seen some stuff on facets but am not sure if it applies.
I know that max is an option for the histogram, but I would like to use it elsewhere.
Since Kibana queries use the Lucene query syntax or RegEx, currently its queries seem to return matched records only (no aggregation).
I believe that aggregation (Max, for example) is only possible in Kibana Panels such as the Histogram.
