Canvas Monitoring Questions

TFresenius · September 3, 2019, 3:13pm

Hello, I'm seeking to create an auto updating monitoring solution through Kibana Canvas -- but I'm a bit lost in regard to finding information on querying metricbeat properly and developing these "live maps". If anyone has a decent understanding of Canvas and querying metricbeat -- your assistance would be appreciated.

As of this moment, I'm stuck right at the start of my goal. I have a baseline understanding of how Canvas works -- but I am unable to properly query metricbeat. I want to make sure my ability to create queries is set prior to fiddling with elements in canvas. For testing purposes, I have utilized kibana_sample_data_flights to double check my queries. From my understanding, I notice that metricbeats are stored in daily indexes in our QA deployment -- therefore in order to have a live updating map I assume I would need to somehow utilize the next level up which appears to be metricbeat-*.

In order to test metricbeat I attempted some basic queries. This one was simply using DESCRIBE. Every test here worked for the flights data.

POST _sql?format=txt
{
  "query":"DESCRIBE metricbeat-6.3.2-2019.09.03"
}

I did attempt to utilize " or ' to deal with the parsing exception, but it didn't appear to work. Which confused me more. I assume there is some basic info I just haven't found in regard to querying these properly.

Note: When I tried this using metricbeat as the name I got this output (using -* would just cause another parsing error):

I also attempted to SELECT * FROM each index just to test if it was responsive to that

POST _sql?format=txt
{
  "query":"SELECT * FROM metricbeat"
}

This response confused me as I was having issues with getting it to be comfortable with metricbeat-* instead of metricbeat. It was either a parsing error or unknown index.

I don't know why the SELECT metricbeat would return unknown index, but the DESCRIBE metricbeat returned an empty graph.

TLDR -- Trying to understand how to properly query metricbeat for "live monitoring" with canvas elements because my current basic attempts haven't been working. Formatting and avoiding parsing errors appear to be an issue along side that.

Pardon my ignorance, and thanks for taking the time to help out.

Ryan_Downey · September 5, 2019, 4:05pm

Overall were just trying to learn how to query our metricbeat indices. On a steep learning curve right now so any links to documentation are always appreciated. We've been doing a lot of research but its very possible were missing some pertinent info and a little direction could help us put the pieces together.

elasticforme · September 5, 2019, 4:13pm

GET _sql?format=txt
{
"query": """
select * from "index_name"
"""
}

run this from your dev tool. I think you have to use GET and not post

Dan-M · September 5, 2019, 4:37pm

I think you were trying to search across all metricbeat indices correct?

GET and POST would both work in this scenario.

POST /_sql?format=txt
{
    "query": """
    DESCRIBE "metricbeat-*"
    """
}

Ryan_Downey · September 5, 2019, 5:10pm

Appreciate the help @elasticforme and @Dan-M. Just needed a bit of insight to keep things moving on our end.

system · October 3, 2019, 5:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.