Kibana Timelion

ashvita · August 2, 2017, 8:20pm

Hi,

I want to visualize the count of certain keyword in my logs.
10.100.213.171 Aug 1 21:01:50 x86-hw user.notice Dpd: 5066:dm::NodeEvent I {[01:55:47] Ixd202Cc.cpp:514}ZTR: Ixd-2 :ConfigIgcc:ConfigIgcc for pif: 1
10.100.216.159 Aug 2 02:36:44 x86-hw user.notice Dpd: 9502:Col_Line I {[00:47:37] Ixd202Cc.cpp:514}ZTR: Ixd-1 :ConfigIgcc:ConfigIgcc for pif: 0

As you can see the two logs have different IP and I want to visualize in Timelion two series one of each IP address which has keyword ZTR. Something like this-
.es(q=ztr AND NodeIP:10.100.213.171).color(red) .es(q=ztr AND NodeIP:10.100.216.159).color(black)

But this doesn't work.

Brandon_Kobel · August 3, 2017, 12:12pm

@ashvita try wrapping your q= value in double quotes like so: .es(q="ztr AND NodeIP:10.100.213.171").color(red) .es(q="ztr AND NodeIP:10.100.216.159").color(black)

system · August 31, 2017, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.