Hi,
I am trying to pimp the search field in my Kibana Dashboard for our ELK setup (standard logging use case). The main part of the dashboard is a saved search, showing the most important fields (timestamp, severity, application, hostname, message).
I want highlight events with a specific severity and/or application.
Ideally I would like to change the background color of a log line (or the field) based on the value of the fields in the event, like this:
severity == warning > yellow
application == "foo" > blue
application == "super-important-app" AND severity == "error" > RED
Is it possible to do this? I haven´t seen something like this in the documentation
Another idea I had to accomplish something like this is to use the URL-Formatter for the severity field, to load a picture for a warning sign or something like this, but I was unable to get it to work (although I admit it was late in the evening and I wanted to go home)
I copied an Image to the /bundle/src/ui/public/stringify/icons directory in Kibana, restarted Kibana and thought it should work, but it did not. I also tried to retrieve it with the webbrowser without success.
Are there Limits on the Images Kibana can load (e.g. size )? How do I make sure the loaded Image does get scaled properly? Is it possible to load other stuff except Images (iframes)?
there is a color formatter available in the field settings, that can be used to specify the foreground and background colors of fields depending on the field value. While that was previously only available for numbers, from 5.1.1 on it is also available for string fields. This sounds like it could accomplish what you ask for.
Thanks, I saw that option on Kibana 5 yesterday after I wrote the post. Is this feature available on the 4.x branch too? I am using Kibana 4.2.2 and an upgrade to 5.x is not going to happen in the next couple of weeks
However according to this post (Cell Backgroud color instead of field text fore/back color), it is only possible to influence the text background color and not the background of the line itself or at least the cell, which may look kind of poor is the text fields are not the same size
I think I might go for Option 2.
Are there any best practices, regarding image type, image size? Do I have to upload the images in the right size, or are they scaled automatically?
Is it possible to load other stuff, except images (iframes)?
What would be the best way to serve the Images?
First Option: Let Kibana serve the images
I tried to let kibana serve the files
cp /opt/kibana/src/ui/public/stringify/icons/de.png /opt/kibana/src/ui/public/stringify/icons/test.png
service kibana restart
but when I try to retrieve it, I get an 404 Error
http:///bundles/src/ui/public/stringify/icons/test.png
{
"statusCode": 404,
"error": "Not Found"
}
Second Option: Use the Apache httpd reverse proxy
I am deploying my ELK as appliance-like VM and I want to keep configuration to a minimum (I have no DNS or fixed ip addresses to rely on).
If I define my URL-Template as "http://localhost/images/{{value}}.png" will kibana resolve the address, or is it the browser? Does Kibana have a variable for its ip address?
The only other way I can think of, would be using a relative link and let the reverse proxy do it´s magic
That's right, it only affects the text colors themselves. I think the color formatter for number fields was introduced in 4.3 and for the string field in 5.1.1. Sorry to hear that you're unable to upgrade.
The image url formatter just inserts the url into the src attribute of an image tag. You would have to make sure the urls can be resolved by the browser. Kibana does not serve the images for you. If you're serving the images through the same reverse proxy you should indeed be able to just specify a host-relative url starting with / as in /image/{{value}}.png, which the browser should interpret as <kibana-host>/image/{{value}}.png.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
