JSON input for kibana dashboards

Elastic Stack Kibana
1

Hi all,

I want to create a customised dashboards for monitoring kuberenetes in cloud. Right now we are using the default dashboards, but wish I can customise more to suit my needs. For an instance, the current dashboards provide a feature to monitor the CPU usage, on the whole, we thought it might be more helpful to know how much each container use each beat.

PS: I am aware of creating the custom visualizations and adding to the dashboard. But wish to know if there is a way to manage the dynamic changes. Like the default dashboards. I tried to this by adding a new horizontal bar and providing the system.cpu.usr.pct in the y-axis and in x-axis provided with an aggregation of the term with beat.host name and an additional sub-aggregation with a filter kubernetes.container.name='#####' but there is no data in the graph and the visualization is empty.

25 AM
Screen Shot 2018-01-18 at 10.52.25 AM.png2501×1453 227 KB

In this screenshot there is a spelling mistake for kubernetes i corrected and tried but didnt get any output.Also i tried changing filter with double quotes (kubernetes.container.name="#####"), without any quotes (kubernetes.container.name=#####) also.

Thanks,
Kanthi.

2

I just realized that I need to add 2 aggregations 1 for beat.hostname and another for kubernetes.container.name. Is there any option to do so? I added significant terms and beat.name in primary aggregation and the following command in json-input but i know something is wrong

{
"script": {
"inline": "doc['kubernetes.container.name'].value=####",
"lang": "painless"
}
}

And tried this as well,

{ "query": { "match": { "kubernetes.container.name": { "query": "###", "type": "phrase" } } } }

and got this error

Error
Visualize: [illegal_argument_exception] [significant_terms] unknown field [query], parser not found```
3

I'm a little confused because it seems you have multiple questions here. The JSON input that you're entering into only supports the actual parameters expected by the Elasticsearch aggregation, and I don't think it's quite what you want.

You mentioned that you need to add 2 aggregations. Could you split series by kubernetes.container.name and then add another split (either x-axis or chart) by beat.name?

4

I did the same, split series by filters with kubernetes.container.name="kube-proxy" and in x-axis with significant term and beat.hostname

05 AM
Screen Shot 2018-01-19 at 11.20.05 AM.png2260×1385 244 KB

No output :frowning:

5

Sorry, I meant do a split with a terms aggregation, not a filters aggregation. Could you try that?

6

Tried that too, split series term with kubernetes.container.name and again in x-axis with a significant term of beat.hostname. I don't know what is wrong :frowning:

37 AM
Screen Shot 2018-01-19 at 11.41.37 AM.png2040×1302 192 KB

This works fine when I try to find CPU usage with 1 aggregation i.e. beat.hostname but doesnt work when i add another aggregation

7

Hmm... Do the documents containing kubernetes.container.name also have system.cpu.user.pct?

9

Not sure how to check that. Sorry i am very new to this and if you mean if both are in same index then yes

10

Resolved. Sorry i found out the mistake. It was not using the same term

11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.