Dynamic dashboards in Kibana?


#1

Hello,

I would like to ask about creating dynamic dashboards in Kibana. I've found similar questions but they were much more general, for example this one:

I would like to be more concrete. So, I'm processing a custom file which contains filenames with creation time, last access time and last write time, for example (there are more columns in the .csv but I'm not interested in them):
C:\Program Files\Common Files;07/14/2009 05:20:08;07/14/2009 05:20:08;07/14/2009 05:20:08;

I would like to create a histogram with a timeline on the x-axis, for each access time present in the log. Then, when I click on a column in the dashboard, I would like to see which files were accessed at that time (redirect to another dashboard, text output, anything, ...).

So I've processed the log using Filebeat, Logstash and ES, and displayed the dashboard in Kibana. This is how I'm creating the input for Elasticsearch in Logstash, so I can display it:

filter {
  csv {
    columns => ["file","accessTime","creationTime","writeTime"]
    separator => ";"
    remove_field => ["message"]
  }
  date {
    match => [ "accessTime", "MM/dd/yyyy HH:mm:ss" ]
    target => "accessTime"
  }
  date {
    match => [ "creationTime", "MM/dd/yyyy HH:mm:ss" ]
    target => "creationTime"
  }
  date {
    match => [ "writeTime", "MM/dd/yyyy HH:mm:ss" ]
    target => "writeTime"
  }
}

This is what I can get in Kibana:

Is there any way I can find out which files are counted in, for example, the rightmost column?

Consider that I am very new to the ELK stack.

Thanks for suggestions.


(Peter Pisljar) #2

You can try the following steps:

  • go to the Discover board
  • save your search (just save * if this is the search you use in the dashboard)
    -- make sure you don't have any filters applied or they will be saved with the search
  • go to your dashboard and click ADD
  • select searches and choose your saved search

Kibana will show a list of all your documents in a table, which you can move around your dashboard just like visualizations.

At this point you can expand one entry and select which fields you would like to view in the table by clicking on the "toggle in table" icon.

  • save your dashboard now

Now if you click on one of the columns in your graph, Kibana will ask you if you want to apply filters ... agree to that.

Now you should see just the documents from that column listed in the table.

Let me know if this helps, if you are able to find the settings I am talking about (else I will provide some screenshots) and if this is what you are looking for.

regards, Peter
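
What the click-to-filter step does to the data, as an added example that is not part of the original thread: it parses lines in the poster's CSV format (column order taken from the Logstash filter in post #1), buckets them by accessTime, and lists the files behind one bar. The sample rows after the first, the one-hour interval and the function names are assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

COLUMNS = ["file", "accessTime", "creationTime", "writeTime"]  # order from the Logstash csv filter
TIME_FORMAT = "%m/%d/%Y %H:%M:%S"  # strptime form of "MM/dd/yyyy HH:mm:ss"

# Constructed sample rows in the thread's format (only the first line appears in the post).
SAMPLE = r"""C:\Program Files\Common Files;07/14/2009 05:20:08;07/14/2009 05:20:08;07/14/2009 05:20:08;
C:\Windows\Temp\a.tmp;07/14/2009 05:47:31;07/13/2009 22:10:00;07/14/2009 05:47:31;
C:\Users\Public\notes.txt;07/14/2009 09:02:15;07/01/2009 12:00:00;07/10/2009 08:30:00;
not-a-valid-row;garbage;;;
"""

def parse_rows(text):
    """Yield one dict per valid line; skip rows whose timestamps do not parse."""
    for raw in csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE):
        if len(raw) < len(COLUMNS):
            continue
        row = dict(zip(COLUMNS, raw))
        try:
            for field in COLUMNS[1:]:
                row[field] = datetime.strptime(row[field], TIME_FORMAT)
        except ValueError:
            continue  # Logstash would tag such an event _dateparsefailure instead
        yield row

def histogram(rows, field="accessTime", interval=timedelta(hours=1)):
    """Group file names into fixed-width buckets keyed by bucket start time."""
    buckets = defaultdict(list)
    step = interval.total_seconds()
    for row in rows:
        ts = row[field]
        offset = (ts - datetime.min).total_seconds() % step
        buckets[ts - timedelta(seconds=offset)].append(row["file"])
    return dict(sorted(buckets.items()))

def files_in_bucket(buckets, start):
    """The drill-down: what the saved-search table lists after clicking a bar."""
    return buckets.get(start, [])

if __name__ == "__main__":
    for start, files in histogram(parse_rows(SAMPLE)).items():
        print(start.isoformat(), len(files), files)
```

Passing field="writeTime" or field="creationTime" to histogram() builds the same timeline for the other two timestamps.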


#3

Does exactly what I wanted :) thanks a lot.

