Filters set not impacting graph?

tpnoonan · March 26, 2021, 3:05pm

I have two filters on a workpad, one for time and one for customer in this case.

timefilterControl compact=true column="startTime" filterGroup="perfGroup"
| render

esdocs index="dynatrace-problems-" fields="customer" sort=", asc"
query="SELECT customer FROM "dynatrace-problems-" GROUP BY customer ORDER BY customer ASC"
| dropdownControl valueColumn="customer" filterColumn="customer.keyword" filterGroup="perfGroup"
| render

Then I have a graph that references the filter group that both filters above are associated with.

filters group="perfGroup"
| timelion
query=".es(q=_id:, index="dynatrace-problems-", metric=cardinality:_id, timefield=startTime).label('Problem Count')" interval="1d"
| pointseries x="@timestamp" y="sum(value)" color="project"
| plot defaultStyle={seriesStyle bars=0.75} legend=false
| render

The time filter seems to apply, but the customer filter does not. I've tried having the two filters having their own group names and then referencing them separately and that didn't seem to work either.

Anyone have any ideas? I'm using the latest elastic (7.12)

markov00 · April 1, 2021, 10:13am

Hi, I'm not 100% sure but seems that timelion doesn't works fine with the dropdown filter.
Can you try to use a ES SQL query instead?

tpnoonan · April 1, 2021, 3:29pm

I mean, I could, for some of my data, but I've got a 10-12 page live presentation that I wanted to setup to report some data to our customer base. After spending a day or two just trying to prove out some use cases I came to the conclusion that Canvas is not ready for what I wanted to do. It needs to be able to filter "ALL" objects based on the filter set, however many are allowed.

I've since fallen back to using Kibana and then embedding content into an iframe that's delivered to the customer.

Kent_Marten · April 1, 2021, 11:53pm

Hi @tpnoonan

Thanks for the feedback and for posting this issue. I will chat with my team and see if there are any other ideas to help you.

I am the Product Manager responsible for Canvas. Would you be interested in jumping on a call, so I could learn more about how you are using canvas and the pain-points you have encountered?

Let me know.

Kent M.

tpnoonan · April 2, 2021, 3:38pm

Thanks for the response @markov00. Is it possible with an ES SQL Query to group the results in a daily interval?

I need count of documents by startTime. Here's an example document. The filters that I would involve would use the "customer" element and then timefilter using startTime. Typically showing a month of time and rolled up by day.

{"_index":"dynatrace-problems-2021","_type":"_doc","_id":"576669061982728329_1617336180000V2","_version":1,"_score":null,"fields":{"environment.keyword":["PRD"],"problemFilters.name.keyword":["DevOps"],"evidenceDetails.details.endTime":["2021-04-02T04:07:00.000Z"],"evidenceDetails.details.eventId.keyword":["-5623364224221843904_1617335880000","576669061982728329_1617336180000"],"severityLevel.keyword":["PERFORMANCE"],"impactedEntities.entityId.id.keyword":["SERVICE-CDF52097AD793C51"],"durationMins":[13],"evidenceDetails.details.unit":["MicroSecond"],"evidenceDetails.details.groupingEntity.entityId.id.keyword":["SERVICE-CDF52097AD793C51"],"title.keyword":["Response time degradation"],"rootCauseEntity.name.keyword":["amanprdg"],"problemFilters.id.keyword":["80625a21-feba-4b0b-98e0-982fe4945412"],"evidenceDetails.details.entity.name":["amanprdg","amanprdg","Unmapped Instance for amanprdg"],"evidenceDetails.details.entity.name.keyword":["amanprdg","amanprdg","Unmapped Instance for amanprdg"],"affectedEntities.entityId.type":["SERVICE"],"evidenceDetails.details.groupingEntity.name":["amanprdg"],"impactAnalysis.impacts.impactedEntity.entityId.type":["APPLICATION","SERVICE","SERVICE","APPLICATION","SERVICE"],"evidenceDetails.details.groupingEntity.entityId.type":["SERVICE"],"impactAnalysis.impacts.impactedEntity.entityId.id":["APPLICATION-3DA11D91C31A98E6","SERVICE-09B41A8923E6C506","SERVICE-216B6E27675B4AC6","APPLICATION-F3CC21300BB8312A","SERVICE-8FE2E4B3DE765F64"],"impactAnalysis.impacts.impactedEntity.name.keyword":["AMANDA Portal","XSSFilter (/XSSFilter)","WSAmandaSecurityService","AMANDA Back Office","AMANDA5 (/AMANDA5)"],"evidenceDetails.details.evidenceType":["EVENT","EVENT","TRANSACTIONAL"],"evidenceDetails.details.entity.entityId.type.keyword":["SERVICE","SERVICE","SERVICE_INSTANCE"],"evidenceDetails.details.unit.keyword":["MicroSecond"],"evidenceDetails.details.groupingEntity.entityId.type.keyword":["SERVICE"],"impactAnalysis.impacts.estimatedAffectedUsers":[26,26,0,12,12],"customer.keyword":["COA"],"affectedEntities.name.keyword":["amanprdg"],"problemId.keyword":["576669061982728329_1617336180000V2"],"evidenceDetails.details.displayName":["Response time degradation","Response time degradation","Client response time"],"impactAnalysis.impacts.impactedEntity.entityId.type.keyword":["APPLICATION","SERVICE","SERVICE","APPLICATION","SERVICE"],"impactedEntities.name":["amanprdg"],"problemFilters.id":["80625a21-feba-4b0b-98e0-982fe4945412"],"impactAnalysis.impacts.numberOfPotentiallyAffectedServiceCalls":[427,20,199],"displayId":["P-210422"],"status":["CLOSED"],"affectedEntities.entityId.id.keyword":["SERVICE-CDF52097AD793C51"],"evidenceDetails.details.startTime":["2021-04-02T03:58:00.000Z","2021-04-02T04:03:00.000Z","2021-04-02T03:44:00.000Z"],"durationHours":[0.21666667],"evidenceDetails.details.valueAfterChangePoint":[55736.023],"impactLevel.keyword":["SERVICES"],"rootCauseEntity.entityId.id.keyword":["SERVICE-CDF52097AD793C51"],"evidenceDetails.details.groupingEntity.entityId.id":["SERVICE-CDF52097AD793C51"],"impactAnalysis.impacts.impactedEntity.entityId.id.keyword":["APPLICATION-3DA11D91C31A98E6","SERVICE-09B41A8923E6C506","SERVICE-216B6E27675B4AC6","APPLICATION-F3CC21300BB8312A","SERVICE-8FE2E4B3DE765F64"],"evidenceDetails.details.entity.entityId.type":["SERVICE","SERVICE","SERVICE_INSTANCE"],"evidenceDetails.details.groupingEntity.name.keyword":["amanprdg"],"status.keyword":["CLOSED"],"evidenceDetails.details.entity.entityId.id.keyword":["SERVICE-CDF52097AD793C51","SERVICE-CDF52097AD793C51","SERVICE_INSTANCE-F823C60D6BB7BDB0"],"impactedEntities.entityId.type":["SERVICE"],"evidenceDetails.details.displayName.keyword":["Response time degradation","Response time degradation","Client response time"],"affectedEntities.entityId.type.keyword":["SERVICE"],"title":["Response time degradation"],"affectedEntities.entityId.id":["SERVICE-CDF52097AD793C51"],"severityLevel":["PERFORMANCE"],"problemFilters.name":["DevOps"],"evidenceDetails.totalCount":[3],"evidenceDetails.details.entity.entityId.id":["SERVICE-CDF52097AD793C51","SERVICE-CDF52097AD793C51","SERVICE_INSTANCE-F823C60D6BB7BDB0"],"impactAnalysis.impacts.impactedEntity.name":["AMANDA Portal","XSSFilter (/XSSFilter)","WSAmandaSecurityService","AMANDA Back Office","AMANDA5 (/AMANDA5)"],"impactedEntities.entityId.id":["SERVICE-CDF52097AD793C51"],"startTime":["2021-04-02T04:03:00.000Z"],"rootCauseEntity.entityId.type.keyword":["SERVICE"],"evidenceDetails.details.eventType.keyword":["SERVICE_RESPONSE_TIME_DEGRADED","SERVICE_RESPONSE_TIME_DEGRADED"],"impactAnalysis.impacts.impactType.keyword":["APPLICATION","SERVICE","SERVICE","APPLICATION","SERVICE"],"impactedEntities.name.keyword":["amanprdg"],"impactAnalysis.impacts.impactType":["APPLICATION","SERVICE","SERVICE","APPLICATION","SERVICE"],"evidenceDetails.details.rootCauseRelevant":[true,true,true],"rootCauseEntity.name":["amanprdg"],"rootCauseEntity.entityId.type":["SERVICE"],"evidenceDetails.details.evidenceType.keyword":["EVENT","EVENT","TRANSACTIONAL"],"evidenceDetails.details.eventType":["SERVICE_RESPONSE_TIME_DEGRADED","SERVICE_RESPONSE_TIME_DEGRADED"],"impactLevel":["SERVICES"],"environment":["PRD"],"affectedEntities.name":["amanprdg"],"impactedEntities.entityId.type.keyword":["SERVICE"],"displayId.keyword":["P-210422"],"recentComments.totalCount":[0],"endTime":["2021-04-02T04:16:00.000Z"],"rootCauseEntity.entityId.id":["SERVICE-CDF52097AD793C51"],"problemId":["576669061982728329_1617336180000V2"],"evidenceDetails.details.eventId":["-5623364224221843904_1617335880000","576669061982728329_1617336180000"],"evidenceDetails.details.valueBeforeChangePoint":[1567.77],"customer":["COA"]},"sort":[1617336180000,13]}

tpnoonan · April 2, 2021, 3:41pm

@Kent_Marten - Thanks for reaching out, hopefully one of the times that I proposed works for you.

-Tommy

Felix_Roessel · April 3, 2021, 8:28am

Also If you like to learn from examples you may find this interesting:

markov00 · April 6, 2021, 10:56am

Yes sure, you can use a query like:

SELECT HISTOGRAM("@timestamp", INTERVAL 1 DAY) as day, count(*)  as count FROM "kibana_sample_data_logs" GROUP BY day

to group by a day interval of a specific time field (in my usecase it was @timestamp) and apply whatever aggregation you are interested in.

system · May 4, 2021, 10:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.