Kibana GUI simple filter not able to get it work :(

Elastic Stack Kibana
1

I thought this was easy but after several attempt i wasnt able to get it working. We have a routine morning health check. i was trying to focus on errors or issue for the snapshot or agent logs but to no avail.

  1. For the snapshots i was trying to filter by jobs that is not complete state.

Kibana GUI >> stack management >> snapshot and restore >> snapshots

How can I filter for state column NOT EQUAL to complete?

  1. For the agents logs. I was trying to filter to show events that have error.message

Kibana GUI >> fleet >> agents >> "agent_id" >> agent "logs" tab

How can I filter for error.messages column NOT NULL?

Kindly advice. Thanks in advance.

image
image2806×1506 320 KB

image
image1887×675 60.9 KB

2

uploaded sample screenshot

3

Hello @Whoami1980

For Snapshot you can check below :

Index name .ds-.slm-history-*

if success : false means it has failed
if success : true means the snapshot was successful

image
image1491×355 38.2 KB

For second point can use filter error.message : *

Thanks!!

4

@Tortoise

thanks for the assistane.

for the snapshot. yes i tested we can query it through the index. just to clarify not possible from the web GUI?

for the agent logs. that helps for a single agent. but its there any way to do it across all agents?

thanks once again for all assistance

5

It is not possible, the Snapshots UI is basically to filter by snapshot name and repositories, nothing else.

Same thing, the Fleet UI for agents lacks some filters, the logs tabs is per agent, if you want to filter for mesages happening in multiple agents you need to use discover for it.

6

@leandrojmp @Tortoise
Thanks for the advice and assitance