Create dynamic labels from a part of es request

tofmonaute · December 18, 2019, 1:26pm

Hi,

I try to create a vizualisation with Timelion with dynamic labels ( extracted from request response )

For example: the following search in Discover tools
message: "SQL ERROR"

results in following response:
SQL ERROR occurs in DATABASE ORACLE_DFS01 at 15:01
SQL ERROR occurs in DATABASE ORACLE_DFS02 at 17:05
SQL ERROR occurs in DATABASE ORACLE_DFS01 at 19:01
SQL ERROR occurs in DATABASE ORACLE_DFS03 at 20:01

I would like to create a vizualization in which i would count all SQL ERRORS for each database:

I would proceed as follow to extract dynamically the label from the result:
.es(q='message: "SQL ERROR"', index=ref_rfnd*).label("$1", " DATABASE\s([a-zA-Z0-9._-]+)")

But it did not work

Can you help me ?

Regards

LizaD · December 18, 2019, 7:06pm

Hi @tofmonaute,

I found this discuss question that may help by using split method: Dynamic label in Timelion doesn't work as expected

Thanks,
Liza

tofmonaute · December 23, 2019, 12:14pm

No, it does not help : it just seems ITS NOT POSSIBLE TO MAKE REAL DYNAMIC LABELS with Timelion

LizaD · January 2, 2020, 5:42pm

@timroes can you help?

timroes · January 8, 2020, 11:38am

Hi,

if you want to group by the specific database and then count documents per each, you must make sure that the database id/name is stored in a separate field in Elasticsearch. If it is, you can use the split parameter in the .es function to group by that field. the label function simply specifies how the label of the individual series should be formatted, and doesn't group any documents together.

Cheers,
Tim

system · February 5, 2020, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.