Field Correlations In Kibana Canvas

rusty_cole · January 13, 2022, 1:08pm

Hi Guys,
I've been using the kibana canvas dashboards and so far I'm really impressed.
The only issue I have is with the correlations.
I understand that SQL JOIN is not supported.
What is the alternative? in big data and log ingestion systems, correlations ability should be basic.
I did found a way to corelate fields, with the DSL language.
But there is no DSL in canvas. so I had to run the DSL query outside elastic and ingest the results back to canvas. which seems very odd.
Am I missing something here?
Any help would be appriciated.

Thanks!

flash1293 · January 13, 2022, 1:22pm

It's not one of the languages supported by UI, but you can use the DSL in Canvas as well using the esdsl function - open the expression editor in the bottom right in canvas and edit the expression there. This is a basic example that should get you going (using logs sample data):

esdsl dsl='{ "aggs": { "exts": { "terms": { "field": "extension.keyword"} }}}' index="*sample*logs"
| table 
| render

Can you elaborate on what you mean by correlations exactly? Maybe there's another way to achieve your goal.

system · February 10, 2022, 1:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.