we want to use elastic stack to aggregate logs and to filter easily for errors and corresponding stack traces. We also want to combine multiple log files, that we can trace the function calls by the logs.
Target is to give the ops or tester an easy to use tool (kibana) and then he / she can export the data (stacktraces, etc.) to ship them to the developers.
So in our use case, the ops or tester need to see columns like username, sessionid, requestid, status, etc to filter for the . The developer needs to get all filled / used fields.
I noticed the following:
when one or more columns are selected for a search, ONLY these selected columns are exported.
when no column is selected, it defaults to _source field which exports ALL fields.
So, is there any better way to than the following workflow?
load predefined search (loading needed fields)
set query and filters to shrink resultset to the events which are needed
remove all columns
save query as new query (so I will keep my template / preset search)
generate the csv reporting
delete search
Or is there a way to create a report for a search when from a dashboard, where it is embedded?
I am hoping to find something like a one or two click workflow for generating the export.
Please let me know if I'm misunderstanding the question.
As an example, my filebeat-* index pattern has nearly 1000 fields. But only the fields that contain data are shown in Discover when no columns are selected. And only those fields are exported in the CSV.
Are you seeing fields in Discover that contain no data? Which version of Kibana are you using?
I think you got me wrong.
When ops or a tester has the task to gather relevant log data, they will use sth. like these columns to identify the needed events (just as example):
But the developer is not just interested in these fields, they need additional fields like reqest number, requestBody, responseBody, stackTrace. Maybe dev needs 20 more columns / fields to analyte the issue.
When exporting to csv in discovery:
if fields / columns are defined -> only these are exported
if no fields / columns are defined, all used columns are exported.
I am searching for an option to export all used fields although some fields are selected.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
