I am trying to create a visualisation with Timelion with dynamic labels (extracted from the request response).
For example, the following search in the Discover tool:
message: "SQL ERROR"
results in the following response:
SQL ERROR occurs in DATABASE ORACLE_DFS01 at 15:01
SQL ERROR occurs in DATABASE ORACLE_DFS02 at 17:05
SQL ERROR occurs in DATABASE ORACLE_DFS01 at 19:01
SQL ERROR occurs in DATABASE ORACLE_DFS03 at 20:01
I would like to create a visualization in which I would count all SQL ERRORs for each database.
I would proceed as follows to extract the label dynamically from the result:
.es(q='message: "SQL ERROR"', index=ref_rfnd*).label("$1", " DATABASE\s([a-zA-Z0-9._-]+)")
If you want to group by the specific database and then count documents per each one, you must make sure that the database id/name is stored in a separate field in Elasticsearch. If it is, you can use the split parameter in the .es function to group by that field. The label function simply specifies how the label of the individual series should be formatted, and doesn't group any documents together.
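As an added worked example (not part of the original thread, and not Elastic's own code): the same regex the question uses in .label() applied at ingest time instead, so that the database name becomes its own field and a Timelion split can count per database. The script parses the four quoted messages locally, counts per database, and builds the two artefacts you would actually deploy: an Elasticsearch ingest pipeline body using the grok processor, and the Timelion expression with split. The pipeline name, the field name "database" and the use of the ".keyword" sub-field (needed when the field is dynamically mapped as text) are assumptions; the index pattern ref_rfnd* is the one from the question.

```python
import json
import re
from collections import Counter

# Constructed sample input, mirroring the four lines quoted in the question,
# plus one message without a DATABASE token to show the edge case.
SAMPLE_MESSAGES = [
    "SQL ERROR occurs in DATABASE ORACLE_DFS01 at 15:01",
    "SQL ERROR occurs in DATABASE ORACLE_DFS02 at 17:05",
    "SQL ERROR occurs in DATABASE ORACLE_DFS01 at 19:01",
    "SQL ERROR occurs in DATABASE ORACLE_DFS03 at 20:01",
    "SQL ERROR occurs in unknown context at 21:30",
]

# Same character class as the question's .label() regex, applied at ingest.
DB_RE = re.compile(r"DATABASE\s([a-zA-Z0-9._-]+)")


def extract_database(message):
    """Return the database name found in a message, or None if absent."""
    m = DB_RE.search(message)
    return m.group(1) if m else None


def enrich(messages):
    """Turn raw message strings into documents with a separate 'database'
    field, which is what a split/terms aggregation needs. Messages without
    a match keep only the 'message' field."""
    docs = []
    for msg in messages:
        doc = {"message": msg}
        db = extract_database(msg)
        if db is not None:
            doc["database"] = db
        docs.append(doc)
    return docs


def count_per_database(docs):
    """Count documents per database. Documents lacking the field are
    skipped, which matches what a terms aggregation does by default."""
    return dict(Counter(d["database"] for d in docs if "database" in d))


def ingest_pipeline_body():
    """Ingest pipeline doing the same extraction server-side with a grok
    processor. %{NOTSPACE} is a stock grok pattern; it is a little wider
    than the question's character class. Pipeline name 'sql-error-db'
    (used in the PUT below) is an assumption."""
    return {
        "description": "extract database name from SQL ERROR messages",
        "processors": [
            {
                "grok": {
                    "field": "message",
                    "patterns": ["DATABASE %{NOTSPACE:database}"],
                    "ignore_missing": True,
                    "ignore_failure": True,  # keep docs that do not match
                }
            }
        ],
    }


def timelion_expression(index="ref_rfnd*", field="database.keyword", limit=10):
    """Timelion expression: split=field:limit yields one series per term,
    counted per time bucket; no label regex is needed for grouping."""
    return f".es(q='message: \"SQL ERROR\"', index={index}, split={field}:{limit})"


if __name__ == "__main__":
    docs = enrich(SAMPLE_MESSAGES)
    print(count_per_database(docs))
    print("PUT _ingest/pipeline/sql-error-db")
    print(json.dumps(ingest_pipeline_body(), indent=2))
    print(timelion_expression())
```

Once the pipeline is attached to the index (or set as the index default pipeline), the expression printed by timelion_expression() gives one series per database without any label regex; only documents that actually carry the database field land in a split bucket, so messages that never matched the pattern silently drop out of the count.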