Kibana filter

zoplex · August 8, 2016, 10:00pm

How would I filter the data on the current bar graph using filter like the one bellow that I run from curl (and it works) - need to reduce data on the graph by only showing records that have the value of query run time > 10 seconds (this comes from slow_qyery.log MySQL log file):

curl -X GET 'localhost:9200/my-filebeat-2016.08.08/_search?pretty=true&size=10000' -d '
{ "sort" : ["@timestamp"],
"query": {
"query_string": {
"query": "ses_slowq_rtime:>10.0",
"analyze_wildcard": true
}
}
}
';

warkolm · August 9, 2016, 12:14am

If you add a filter you can then edit that and add in your own json with this.

zoplex · August 9, 2016, 12:46am

I tried - but JSON highlights the code as invalid - with red underlines - if I cut/paste the same code, plut the "1 ERROR" sign at the top:
"query": {
"query_string": {
"query": "ses_slowq_rtime:>10.0",
"analyze_wildcard": true
}
}

zoplex · August 9, 2016, 8:25pm

resolved - just like you said - added the json one line into the search bar of the graph:

{"query":{"query_string":{"query":"ses_slowq_rtime:>100.0","analyze_wildcard":true}}}

Also had to flatten the script so there are no new lines and carriage returns.

Thank you - also thanks to my coworker Brad for pointing out that this goes into the top search bar and not into the JSON section inside the Advanced part of the graph build area.

warkolm · August 9, 2016, 8:59pm

Thanks Brad!