Question
Hi, I'm new to the ELK stack. I'm using Kibana 4.1. I've managed to use the Elasticsearch Query DSL to run searches within Kibana's Discover interface to capture a data set, then used that saved search to create a new Visualization and Dashboard widget in Kibana. My Elasticsearch query looks like:
{
  "bool" : {
    "must" : [
      {
        "match" : { "service" : "servicename" }
      },
      {
        "match_phrase" : { "msg" : "Trying to get security token for user: joe" }
      }
    ],
    "minimum_should_match" : 1,
    "boost" : 1.0
  }
}
This would capture any login events for user: joe. If I wanted to search for login events for user: sue, I'd have to change this part of the above query to look like
"match_phrase" : { "msg" : "Trying to get security token for user: sue" }
I was asked to see if there was a way I could use Elasticsearch Query DSL from the Kibana Discover tab or from curl on the command line - to create a dynamic query that would allow us to search for login events of various users, and then create a new visualization.
I think this is possible, but I'm not sure what the best way to do this is in Elasticsearch/Kibana. Can anyone point me in the right direction on how to go about this? Thanks!
Answer 1:
You can create a new dashboard and add a visualisation there. Afterwards, you can add your search parameters as a query string in the Kibana dashboard.
This way, your dashboard visualisations change based on the argument provided.
Hope this helps.
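For the curl route the question mentions, the sketch below builds the same bool query for any list of usernames and prints a ready-to-run curl command. It is an added example, not part of the original question or answer; the function names, the host http://localhost:9200 and the index pattern logstash-* are assumptions.

```python
import json
import shlex

# Field names and the message prefix are taken from the query in the question.
MSG_PREFIX = "Trying to get security token for user: "


def login_query(service, users):
    """Build the question's bool query for one or more usernames."""
    users = [u for u in users if u and u.strip()]
    if not users:
        raise ValueError("at least one non-empty username is required")
    # One match_phrase clause per user; any one of them may match.
    per_user = [{"match_phrase": {"msg": MSG_PREFIX + u}} for u in users]
    return {
        "bool": {
            "must": [
                {"match": {"service": service}},
                {"bool": {"should": per_user, "minimum_should_match": 1}},
            ]
        }
    }


def search_body(service, users):
    """Serialize to the JSON body of a _search request.

    json.dumps escapes quotes and backslashes, so a username is always
    sent as string data and cannot change the structure of the query.
    """
    return json.dumps({"query": login_query(service, users)})


def curl_command(base_url, index, body):
    """Return a shell-quoted curl command line for the search request."""
    url = "%s/%s/_search" % (base_url.rstrip("/"), index)
    parts = ["curl", "-s", "-XPOST", url,
             "-H", "Content-Type: application/json", "-d", body]
    return " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    # Constructed sample values; host and index pattern are assumptions.
    body = search_body("servicename", ["joe", "sue"])
    print(curl_command("http://localhost:9200", "logstash-*", body))
```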
Source: https://stackoverflow.com/questions/35160217/scripting-dynamic-elasticsearch-queries-inside-kibana-visualization