JSON input for kibana dashboards

kanthimathi · January 17, 2018, 9:27pm

Hi all,

I want to create a customised dashboards for monitoring kuberenetes in cloud. Right now we are using the default dashboards, but wish I can customise more to suit my needs. For an instance, the current dashboards provide a feature to monitor the CPU usage, on the whole, we thought it might be more helpful to know how much each container use each beat.

PS: I am aware of creating the custom visualizations and adding to the dashboard. But wish to know if there is a way to manage the dynamic changes. Like the default dashboards. I tried to this by adding a new horizontal bar and providing the system.cpu.usr.pct in the y-axis and in x-axis provided with an aggregation of the term with beat.host name and an additional sub-aggregation with a filter kubernetes.container.name='#####' but there is no data in the graph and the visualization is empty.

In this screenshot there is a spelling mistake for kubernetes i corrected and tried but didnt get any output.Also i tried changing filter with double quotes (kubernetes.container.name="#####"), without any quotes (kubernetes.container.name=#####) also.

Thanks,
Kanthi.

kanthimathi · January 17, 2018, 10:30pm

I just realized that I need to add 2 aggregations 1 for beat.hostname and another for kubernetes.container.name. Is there any option to do so? I added significant terms and beat.name in primary aggregation and the following command in json-input but i know something is wrong

{
"script": {
"inline": "doc['kubernetes.container.name'].value=####",
"lang": "painless"
}
}

And tried this as well,

{ "query": { "match": { "kubernetes.container.name": { "query": "###", "type": "phrase" } } } }

and got this error

Error
Visualize: [illegal_argument_exception] [significant_terms] unknown field [query], parser not found```

lukas · January 18, 2018, 5:42pm

I'm a little confused because it seems you have multiple questions here. The JSON input that you're entering into only supports the actual parameters expected by the Elasticsearch aggregation, and I don't think it's quite what you want.

You mentioned that you need to add 2 aggregations. Could you split series by kubernetes.container.name and then add another split (either x-axis or chart) by beat.name?

kanthimathi · January 18, 2018, 10:21pm

I did the same, split series by filters with kubernetes.container.name="kube-proxy" and in x-axis with significant term and beat.hostname

No output

lukas · January 18, 2018, 10:37pm

Sorry, I meant do a split with a terms aggregation, not a filters aggregation. Could you try that?

kanthimathi · January 18, 2018, 10:44pm

Tried that too, split series term with kubernetes.container.name and again in x-axis with a significant term of beat.hostname. I don't know what is wrong

This works fine when I try to find CPU usage with 1 aggregation i.e. beat.hostname but doesnt work when i add another aggregation

lukas · January 18, 2018, 10:58pm

Hmm... Do the documents containing kubernetes.container.name also have system.cpu.user.pct?

kanthimathi · January 18, 2018, 11:04pm

Not sure how to check that. Sorry i am very new to this and if you mean if both are in same index then yes

kanthimathi · January 18, 2018, 11:07pm

Resolved. Sorry i found out the mistake. It was not using the same term

system · February 15, 2018, 11:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.