I am developing a kibana drop down filter plugin and I want to get the list of all fields in particular index in client side to list them in drop down menu.
How to get them?
Thanks.
Option 1: you need to send the next query to elasticsearch:
GET /.kibana/index-pattern/_search
There you will find the definition of all index pattern
Option 2: you need to send the next query to elasticsearch:
GET /myIndex/_mapping
Related
Trying to search for a complete json request in kibana webapp.
Sample
Request body::
{"mobileNumber":"***** ","custType":"abc","rejectReasonDesc":"","applicationId":"*****"}
i want to filter only the request with "rejectReasonDesc":"" i.e empty reject reason desc value .
please help on this
Create index pattern to point to your index.
Click on Add filter link
Select rejectReasonDesc.keyword field as per below image
For example this is a query I do:
server:"xxx.xxx.com" AND request_url:"/xxx/xxx/xxx" AND http_X_Forwarded_Proto:(https OR http)
Now if I want to search for all the documents/records that doesn't have http_X_Forwarded_Proto field what should I do? I tried:
server:"xxx.xxx.com" AND request_url:"/xxx/xxx/xxx" AND http_X_Forwarded_Proto:"-"
and it didn't work...
You need to use -_exists_ on the Kibana Discover search bar.
For example to see the documents where the field http_X_Forwarded_Proto does not exists, you need to use: -_exists_:http_X_Forwarded_Proto
To see the documents where the field exists, just remove the - from the search: _exists_:http_X_Forwarded_Proto
If you are using a recent version of Kibana you also can click on Add a filter below the search bar, choose the field and select exist or does not exist
I am using Elasticsearch and Kibana as plugin to view the data in the indices. I am using Kibana's DevTools to send commands for adding/deleting/updating indices etc.
I want to add a field to a certain text property so it will have a keyword field to be able to both make a full text searches and aggregate using this property.
1) Does a change like that means I need to update Kibana's index pattern as well?
2) I have read the ElasticSearch's docs on PUT Mappings and know how to use it to update the indices themselves, but I don't know how to update the index patterns.. I read the same API should be used to update it, but I don't know how to see the index pattern's original mapping in order to update it.
Yes, if you change the index mapping in ES, then you need to go in Kibana and refresh the related index patterns.
Right now, you need to go inside Kibana (Management > Index patterns), select the index pattern, and press the "Refresh" button at the top right of the window in order to pick up the mapping changes.
Also note that if you updated some text fields in order to have a keyword sub-field, you'll also need to call the _update_by_query API on your index in order to reindex the changed field in all your documents
I'm using kibana-4. Following the documentation here I should be able to create an index by putting this in my elasticsearch.yaml file:
PUT .kibana
{
"index.mapper.dynamic": true
}
I'm not sure I understand how to do this, because a yaml file should not take values formatted like the above block, right?
I noticed that .kibana was a default index, so after inputting it into the kibana console, I was asked to input a time field for the default index. However, the input HTML element is a dropdown that contained no options. Without selecting a time-field option I am not allowed to create a default index. What am I supposed to do? Has anyone else run into a similar problem?
I understand the problem faced by you. Even i faced the same while using Kibana 4 for first time.
Here are 2 possible solutions to your problem:-
1. Input data into elasticsearch which contains a timestamped field. So upon inputting data that field will be directly recognized by Kibana & would be showed to you in the dropdown menu (where you are currently seeing empty).
It is empty because Kibana couldn't recognize the timestamped field from the data inserted by you in elasticsearch.
2. Untick the option of Index contains time-based events which will allow you to just enter your index name & access Kibana.
Note:- while using Option 2 & specifying index name as .kibana you would notice that it doesn't contain any field or data because .kibana doesnt store any data.
I would suggest you to create an index using curl command and insert data in it with or without timestamped field. If inserted data without timestamped field use Option 2 otherwise use Option 1.
I have accidentally created some wrong scripted field in kibana-4 and now my elasticsearch is not working and throwing exceptions. I am looking for a command to list all the scripted fields currently used by the elasticsearch and delete the one that is causing trouble to me.
You can easily/add delete a scripted field in Kibana 4.
Just go to Settings, select Indices tab, click on your index name , selected scripted fields tab beside the fields tab & add/delete accordingly :)