Hello.
I am new to filebeat and I am using it to inject logs into Elasticsearch.
And, I want to build some visualizations in Kibana with the data that I am getting.
Is it a good approach to go with Canvas, knowing that in my "filebeat*" index i dispose of a field of type text and it has the shape of : {"a" : "expl_1", "b" : "expl2" .....} and in my queries I need I need to use conditions based on that field:
SELECT c, d
FROM "filebeat*"
WHERE a=expl_1
or is there a better way to build the visualizations.
Hey @wadhah, there are a number of ways to visualize this data in Kibana. It really depends on what level of control you'd like over the query, and how much control you'd like over the output for which tool is best. Canvas allows you a lot of flexibility in regard to the way the data is rendered, but it can require a lot more effort to do so. If you're comfortable building this in Canvas, it allows you a lot of power.
Thank you Brandon for your response.
Like for example in the case that I have already established : let's assume In my index "filebeat-*", I have 3 fields "field1", "field2" and "field3".
"field3" is a text presented as follows : {"a" : "expl_1", "b" : "expl2" .....}
I want to count "field1" when "a" takes "expl1".
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.