Kibana Visualisation Help needed - pie chart to detailed table view

Divit_Sharma · July 3, 2018, 7:23am

Can anyone help me :
Very new to ELK. Can we make a visualisation which shows status of jobs like completed, failed, killed etc [like a pie chart] and then when we click on the status on the pie chart it should show complete data of the jobs in tabular format.

The first part is doable but not sure if we can do second part. HELP

Suhas_K · July 3, 2018, 8:42am

Hey @Divit_Sharma

Yes, Both the parts are possible. You'll have to make two different visualisations one will be for the pie charts and the other will be saved search/data table. when you click on a section of the pie chart, the required filter will be applied to the whole dashboard. This should solve your issue. As i'm using the pie charts for the similar purpose.

Regards

Divit_Sharma · July 3, 2018, 9:10am

@Suhas_K But how will I link those two i.e. Pie Chart and the Saved Search. How will I make sure that on clicking the chart it goes to that saved search?

Thanks for the reply

Suhas_K · July 3, 2018, 9:21am

@Divit_Sharma Just put them both on a single dashboard. Then, clicking the chart will automatically add a filter to the saved search. (Note that you will have to add the saved search to the dashboard along with the pie chart)

Divit_Sharma · July 3, 2018, 9:40am

Thanks @Suhas_K. I will try that.

Divit_Sharma · July 3, 2018, 10:47am

@Suhas_K It worked out as expected. One more thing : I am bringing all the jobs and their status from Oracle and I want data to update real time. So that the status would change in front end also. So first time the data would be indexed by select * in logstash.conf. How should my query be written so that the older values are deleted and the new values added?

I hope you understand. The new values of status should override the older ones so I think I would select * again so as to include new jobs and updated status of previously indexed jobs but how to delete the older values or is there any other way.

This would be the order :

Select * and index jobs and their status into ES.
Delete everything that was indexed and select * again with new values which will be indexed.

Suhas_K · July 3, 2018, 11:22am

Hey @Divit_Sharma
As of my knowledge you can use the dynamic time range filter to sort the data as per your requirment. If you still wish to delete the data you can delete the entire index with the help fo DEV tools.

DELETE <INDEX_NAME>

You can also set schedulars using CURL in linux.

Regards

system · July 31, 2018, 11:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.