I am frequently coming up with a use case for chaining saved searches and wonder if it is possible or whether it will require a PR. Use case:
I have a base saved search query that filters bot traffic from nginx logs; let's say it looks like this: -user_agent: (ELB-HealthChecker*). In reality it is much longer. I have another search query that gets requests to the home page, request: "/", much longer again; this is just illustrative. Now I would like to chain these two search queries instead of mashing them into one super query.
I guess it would be modular query building... would be really nice to have this. Any thoughts would be awesome.
Hmm, there could be some confusion. I am familiar with pipeline aggs, not sure if this is what I'm after though. Essentially I want to be able to say:
search: S1 AND S2
as opposed to
search: -user_agent: (ELB-HealthChecker*) AND request: "/"
No new functionality is required on the Elasticsearch side. It would just make things a bit cleaner on the Kibana side of things. Let's say I use S1 with S2, S3 and S4, all in their own different searches, not together, but separately.
search: S1 AND S2
search: S1 AND S3
search: S1 AND S4
and I want to modify S1. Instead of having to modify every search, I would just modify S1 and it would be applied to every search.
It's not possible, but I think it has been requested before. There might be a Git issue you can +1.
Personally I think it would be a very useful feature. I have added this to my application, which embeds Kibana dashboards, then I just build up the query string on my side and pass it through to Kibana via the URL parameters.
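The workaround described in the reply above (composing the query string outside Kibana from reusable parts), as an added example that is not code from the thread or from Kibana. The fragment store, the fragment S3, and the helpers `expand` and `toUrlValue` are hypothetical; it assumes fragment names never collide with terms used as field values, and it does not show how the encoded value is placed in the Kibana URL.

```javascript
// Constructed fragment store: S1 and S2 are the queries from the question,
// S3 is an added fragment showing that fragments can reference each other.
const fragments = {
  S1: '-user_agent: (ELB-HealthChecker*)',
  S2: 'request: "/"',
  S3: 'S1 AND S2',
};

// Replace every bare fragment name in `query` with its definition.
// Each expansion is wrapped in parentheses so the operators inside a
// fragment keep their grouping when combined with AND / OR outside it.
function expand(query, defs, stack = []) {
  // Split out quoted phrases (odd indexes) so text inside "..." is untouched.
  return query
    .split(/("(?:[^"\\]|\\.)*")/)
    .map((part, i) => {
      if (i % 2 === 1) return part;
      // A word directly followed by ':' is a field name, not a fragment name.
      return part.replace(/\b[A-Za-z_]\w*\b(?!\s*:)/g, (name) => {
        if (!Object.prototype.hasOwnProperty.call(defs, name)) return name;
        if (stack.includes(name)) {
          throw new Error('cyclic reference: ' + [...stack, name].join(' -> '));
        }
        return '(' + expand(defs[name], defs, [...stack, name]) + ')';
      });
    })
    .join('');
}

// Percent-encode the expanded query so it can be carried in a URL parameter.
function toUrlValue(query, defs) {
  return encodeURIComponent(expand(query, defs));
}

// Editing S1 once changes every search that references it.
for (const q of ['S1 AND S2', 'S3 AND status: 200']) {
  console.log(q, '=>', expand(q, fragments));
}
```
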