Create Pie graph with filter

Hi all,
I'm new to this product and it's amazing!
BTW I've a lot to learn and I'm already having issues with a simple graph.
I'm logging pfSense logs (firewall). I would like to create i.e. a pie graph that shows me blocked rules against passed rules. Until here ok:
Pie graph with metric count, Split slice, aggregations: Terms, Field: action.keyword, Metric: Count.
This gives me a nice pie showing me PASS / BLOCK count.
BUT how to implement that it should NOT count, for example, records that contain the field dest_ip.keyword = "192.168.1.1"?
I cannot use the "Exclude" of JSON Input.
Thanks a lot!
Simon

Hi, one way to do this would be to first filter the underlying data using a saved search for the visualization.

  • From Discover, click "New", and pick your index pattern and time range.
  • Click "Add a filter" and use the controls to make a NOT dest_ip.keyword: "192.168.1.1" filter
  • Save the search and name it something meaningful, like logs-filtered
  • Make a new Pie Chart visualization. After picking the type of visualization, you're presented with a screen titled, "Choose a search source". Instead of selecting the "index" as before, select the logs-filtered search

What's great about this is you can link many visualizations to the same search, and you can change the search after visualizations are linked to improve the filters.

BTW I'm using Kibana 6.7.0. The titles of the screens and steps may be different for me.
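
For reference, the saved-search filter and pie chart described in the reply above correspond roughly to a single Elasticsearch search request: a `must_not` clause followed by a terms aggregation. This is an added example, not part of the original replies; the request body is an assumed equivalent (the query Kibana generates may differ), and the sample records and the `evaluate_locally` helper are constructed so the result can be checked offline.

```python
import json
from collections import Counter

EXCLUDED_IP = "192.168.1.1"  # value from the question in this thread

def build_request(excluded_ip=EXCLUDED_IP):
    """Search body: drop documents for excluded_ip, then count per action."""
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "query": {"bool": {"must_not": [
            {"term": {"dest_ip.keyword": excluded_ip}}
        ]}},
        "aggs": {"actions": {"terms": {"field": "action.keyword"}}},
    }

def evaluate_locally(body, docs):
    """Apply the body's must_not term clauses and terms aggregation in memory."""
    excluded = [next(iter(clause["term"].items()))
                for clause in body["query"]["bool"]["must_not"]]
    agg_field = body["aggs"]["actions"]["terms"]["field"]
    # A term clause on a keyword field is an exact match, so 192.168.1.10
    # is NOT excluded by a filter on 192.168.1.1.
    kept = [d for d in docs if not any(d.get(f) == v for f, v in excluded)]
    return dict(Counter(d[agg_field] for d in kept if agg_field in d))

# Constructed sample records (not real pfSense output); field names follow the thread.
SAMPLE_DOCS = [
    {"action.keyword": "block", "dest_ip.keyword": "192.168.1.1"},
    {"action.keyword": "block", "dest_ip.keyword": "203.0.113.7"},
    {"action.keyword": "pass", "dest_ip.keyword": "192.168.1.1"},
    {"action.keyword": "pass", "dest_ip.keyword": "198.51.100.4"},
    {"action.keyword": "pass", "dest_ip.keyword": "192.168.1.10"},
]

if __name__ == "__main__":
    body = build_request()
    print(json.dumps(body, indent=2))          # body to send to the _search endpoint
    print(evaluate_locally(body, SAMPLE_DOCS))  # pie slices after the filter
```

Because the filter lives in the query rather than in the aggregation, every slice of the pie is computed only over the records that survive the exclusion, which is the same effect as linking the visualization to the filtered saved search.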

Hello!
Thanks a lot for the suggestions! I'll give it a try, and yes, I had not understood previously that I can simply apply a filter on the search itself and the graph is then updated 🙂
