Group values of specific field into some categories

I'm using an area chart for visualization of process names to the total CPU pct, but I want to name some of the processes to one group and some other processes to another group. Is there a way to do it?

Like: java, app - process names should be in the name of 'Application';
metricbeat process should be as 'System'.

As of now it displays process names; instead, can I display them by grouping?

You can use the Filters aggregation:

Yeah, I tried it. It is actually filtering it; I'm not getting the entire data. Only the filters which were created are displayed in the graph, the rest of the data isn't.

You can also add a "catch all" group by the end, negating the other filters: NOT DestCityName : "Zurich" and NOT DestCityName : "Shanghai" and NOT DestCityName : "Tokyo" and NOT DestCityName : "Vienna"

Is there any other way? JSON or anything else? I do have so many filters to be created.

You could also do this up front before ingesting, e.g. in your logstash pipeline using the translate filter:

OK, and are there any plugins for the snapshot option under the Share tab? Because the URL isn't static, it gets changed if we change any params in the URL. Is there a plugin for that?

If you have other questions that are not related to the topic of the post, please open a new post. Otherwise it will be very difficult for other users to find it.

Sure, adding a catch all group and other filters is working, but it is messing up the labels. Can that be solved?

You can specify custom labels for each filter by clicking the little tag icon next to the trash icon to the right of the individual filter bars.

Does it not allow wild characters? Filtering? Like Toky* or shang*

You can specify the filters using KQL or Lucene, so you can do everything there you can do in the search bar of Discover/Visualize/Dashboard, including wildcard queries.

Yeah, but that is more messy to pass in the search bar (it affects other visualizations in the dashboard too), as I have around 10-15 filters and a catch all filter too.
That's the reason I'm trying it out with the Filter option under Buckets, but it isn't allowing wildcards in it.

You can use wildcard queries in the individual filters of the filters aggregation, just like you can in the search bar. It's the same query language.

Can you give me an example? I tried it, it didn't work, getting an error.

Can you post what you tried?

"query": {"wildcard": {"system.process.username": {"value": "oracl*","boost": 1.0,"rewrite": "constant_score"}}}

When you are using KQL, just system.process.username: oracl* should do the trick

It isn't working.

If you want to receive help here, it helps to post a little more context.

"It isn't working"

is in general not a good starting point - what exactly did you try? What exactly does show up and how does it differ from what you want to achieve? What's your context (e.g. mapping of your index)?

This is an example:

My data contains a field tags.keyword filled with stuff like this:

This is how I can match both success and security in a single "group":