ViJaY_S
January 28, 2017, 12:17am
1
Hello,
Could you please help me out to create Visualize in Kibana dashboard for the PDF Downloaded Counts from IIS Logs.
Using Status code of 200 and only .PDF downloaded counts should display using filters.
For Example:
Status : 200 AND (URI ; (*.pdf))
Iam trying the above query in filters its not showing up right counts sometimes Gateway Timed out Error.
This Works well in Log Parser Query feed:
"SELECT c-ip As Machine, COUNT(*) As Hits, cs-uri-stem FROM *.log where cs-uri-stem like '%.pdf' GROUP BY Machine,cs-uri-stem ORDER BY Hits DESC"
I want same results in kibana dashboard.
Please help me out to fix.
Thanks,
VJ
hi @ViJaY_S ,
That's for a filter in the Filter-bar in Kibana?
You can't do a wildcard search at the beginning of the string when doing Lucene queries (https://lucene.apache.org/core/2_9_4/queryparsersyntax.html#Wildcard Searches).
For this type of functionality, people generally parse out the file-extension first into a separate field before indexing it in ES.
If that is not feasible, you could create a scripted field in Kibana (https://www.elastic.co/guide/en/kibana/current/scripted-fields.html ) that parses out the file extension for you.
Note that search using the first approach will be a lot faster than with the 2nd approach.
ViJaY_S
January 31, 2017, 12:49am
3
Yes its Filter in kibana search bar.
Status : 200 AND (URI ; (*.pdf))
system
February 28, 2017, 12:49am
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.