Question
I have set up an ELK stack and the following type of JSON is getting stored in Elasticsearch (the following JSON is copied from the Kibana UI).
Now I want to display a vertical bar chart which will have the top 5 "hostname" when "action" is equal to "passthrough".
    {
      "_index": "logstash-2016.06.16",
      "_type": "utm",
      "_id": "AVVaFcaB7mNsx5uOb1-_",
      "_score": null,
      "_source": {
        "message": "<190>date=2016-06-16 time=22:10:26 hostname=\"googleads.g.doubleclick.net\" profile=\"Software_Dept\" action=passthrough",
        "@version": "1",
        "@timestamp": "2016-06-16T16:40:24.284Z",
        "hostname": "googleads.g.doubleclick.net",
        "profile": "Software_Dept",
        "action": "passthrough"
      },
      "fields": {
        "@timestamp": [
          1466095224284
        ]
      },
      "sort": [
        1466095224284
      ]
    }
I am stuck here: I am able to show the top 5 hostnames, but they are not filtered by "action" equal to "passthrough".
Answer 1:
Go to the Discovery page and enter the search query: action:passthrough
Once you've entered your query in the discovery page, save your current search:
Kibana documentation
Then when creating the visualisation, after selecting the visualisation type, you use "From a saved search" to select the search you've created.
In that case only the documents from the search will be on the graph.
Answer 2:
There are a couple of solutions for it, as you need to add a filter to your records of action=passthrough.
- Go to Discover Page and enter in the search query :-
action:passthrough
In Discover page you can select the filter from the field list panel, wherein you can click on the field name i.e. action and select the positive magnifier (button) corresponding to the passthrough name.
You can also create a filter by observing a record in Discover page and click on the positive magnifier button corresponding to the field and value name.
You can even pin the filter, which will persist across various tabs of Kibana, i.e. if you create a filter in the Discover page, even if you open the Visualize or Dashboard page the filter will be added.
- Directly within your visualization, you can add Filters aggregation or sub-aggregation specifying action:passthrough.
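
The filter-then-bucket logic that both answers describe, written as an Elasticsearch search body (a `filter` aggregation on `action` wrapping a `terms` aggregation on `hostname`). This is an added example, not part of the original answers. The aggregation names, the `evaluate_locally` helper, the `blocked` action value and the `example.*` hostnames are constructed for illustration, and it assumes `action` and `hostname` are indexed so that a term matches the whole value.

```python
import json
from collections import Counter

def top_hostnames_body(action="passthrough", size=5):
    """Search body: keep only docs with the given action, then bucket by hostname."""
    return {
        "size": 0,  # only aggregation results are needed, not the hits themselves
        "aggs": {
            "action_filter": {  # hypothetical aggregation name
                "filter": {"term": {"action": action}},
                "aggs": {
                    "top_hostnames": {"terms": {"field": "hostname", "size": size}}
                },
            }
        },
    }

def evaluate_locally(body, docs):
    """Apply the same filter + terms logic to in-memory docs (offline stand-in for ES)."""
    agg = body["aggs"]["action_filter"]
    (field, wanted), = agg["filter"]["term"].items()
    terms = agg["aggs"]["top_hostnames"]["terms"]
    matched = [d for d in docs if d.get(field) == wanted]
    counts = Counter(d[terms["field"]] for d in matched if terms["field"] in d)
    # Highest count first; ties broken by key so the result is deterministic.
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return {
        "doc_count": len(matched),
        "buckets": [{"key": k, "doc_count": n} for k, n in ordered[: terms["size"]]],
    }

# Constructed sample documents shaped like the _source in the question.
SAMPLE_DOCS = [
    {"hostname": "googleads.g.doubleclick.net", "profile": "Software_Dept", "action": "passthrough"},
    {"hostname": "googleads.g.doubleclick.net", "profile": "Software_Dept", "action": "passthrough"},
    {"hostname": "example.org", "profile": "Software_Dept", "action": "passthrough"},
    {"hostname": "example.org", "profile": "Software_Dept", "action": "blocked"},
    {"hostname": "example.net", "profile": "Software_Dept", "action": "blocked"},
]

if __name__ == "__main__":
    body = top_hostnames_body()
    print(json.dumps(body, indent=2))
    print(json.dumps(evaluate_locally(body, SAMPLE_DOCS), indent=2))
```

Without the `action_filter` level, `example.org` would be counted twice and `example.net` would appear in the chart, which is the unfiltered result the question describes.
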
Source: https://stackoverflow.com/questions/37865529/vertical-bar-chart-in-kibana