Exclude pattern help

Elastic Stack Kibana
1

Hi guys.

I'm creating some pie chart based on a check.ouput content , that output has a value that represents memory usage ( it's a custom java metric I'm trying to achieve ), so far so good, but
the output also contains extra characters , non numbers, so I'm excluding them with something like this:

com.jvmtop.openjdk.tools.localvirtualmachine.getlocalvirtualmachine|com.jvmtop.jvmtop.main|at|be|java|jdk|jre|no|jdk1.8.0_91|seems|to|usr|com.jvmtop.view.vmdetailview|com.sun.tools.attach.virtualmachine.attach|exception|in|init|java.io.ioexception|linuxattachprovider.java|linuxvirtualmachine.java|main|method|native|process|source|such|sun.tools.attach.linuxattachprovider.attachvirtualmachine|sun.tools.attach.linuxvirtualmachine|sun.tools.attach.linuxvirtualmachine.sendquitto|thread|unknown|virtualmachine.java

Is there a way to remove all those characters including the dot (.) with a regular expression? or say, only include numbers so I can assure no extra chars will be available?

Thanks for your time and support
Regards

2

That's an awful lot of exclusions, I suspect this is more of a data organization issue. Usually you shouldn't have to worry about excluding so much once you're indexing data in a way that you can use it.

Can you tell me what check.ouput looks like, and how you're logging your custom Java metrics? Maybe you can provide a handful of examples from your data?

3

Sure
I execute a script like this, I using sensu, need to collect an create some metrics with all the Java information I can collect.

#!/bin/bash
/tmp/jvmtop.sh 59461  -n 2 >/tmp/ThrWaiting
WAITING=`cat /tmp/ThrWaiting|grep WAIT|wc -l`
echo $WAITING

Then I perform a search in kibana and save it to create the visualization:

check.name:"CheckJVMThrWaiting" AND client.name:"servername"

Then I get this on the output:

   t_type         sensu
   taction         create
   check.auto_resolve         true
   check.command         sudo /opt/sensu/embedded/bin/check_java_threads-waiting.sh
   check.duration         1.986
   check.executed         1,481,309,048
   check.handlers         logstash
   check.history         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
   check.interval         60
   check.issued         1,481,309,048
   check.name         CheckJVMThrWaiting
   check.output         8
   check.status         0

Then I create a pie chart , select Term and check.output as the source , but get all that garbage to exclude and are displayed as a value as well, maybe it's not the right way to do this, any tip appreciated.

Thanks
Regards

4

Hrm, so I take it that check.output can be anything then? I guess that's not too bad.

To your original question, if all you want to do is filter out records with any non-numeric value of check.output, adding this to the query bar should do it:

check.output:/[0-9]+/

Screen Shot 2016-12-09 at 5.11.23 PM.png1386×997 53.4 KB

Here I have 4 records in my index, 3 of which have values that are only numbers (8, 800, and 9238725), and one of which has a mix of numbers and letters (8y394hr487ty). Only the 3 that are purely numbers match.

5

Thanks Joe, I'll give it a try.
Regards

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.