Apply Filter Query to Visualization

Elastic Stack Beats
1

Hi,

I'm currently facing the problem that I cant filter my Disk used [Metricbeat System] ECS visualization for a specific system.filesystem.device_name. When I Group By Term I can see all devices ->

image
image.png1920×1067 171 KB

But now I want to use a filter to only display the /dev/sda1 device. However the filter I implemented is not working at all. I only receive The request for this panel failed even though it works when I run it in the Console.

This is my Filter Query:

{
  "query": {
    "bool": {
      "must": {
        "match": {
          "system.filesystem.device_name.keyword": {
            "query": "/dev/sda1"
          }
        }
      }
    }
  }
}

Regards,

Philipp

2

Hi @philipp_s,

From they query you are showing it seems the Metricbeat index template wasn't correctly installed.

Did you get any error when running Metricbeat?
Did you change any default settings on index name, template or index pattern?

Best regards

3

Hi @exekias,

All the other metrics and visualizations actually work fine. This is the elasticsearch output I defined in the metricbeat.conf of the logstash pipeline:

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
4

Hi @philipp_s,

It sounds like you didn't run metricbeat setup, that should configure the proper index template in Elasticsearch. If you use Logstash as an output, you may need to add the template manually.

5

Hi @exekias,

I dont understand exactly what you mean. I can see the correct table in the discovery so the index must be correct right?

image
image.png1034×860 57.4 KB

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.