Kibana3 histogram markers


(Vaclav Adamec) #1

Hi,
I would like to humbly ask for an example of how to use markers in Kibana3
histograms, as I am unable to get them running. What I unsuccessfully tried is
below; I definitely miss something. Thanks

curl -XPUT 'http://localhost:9200/ossec-logstash-2014.02.05/deploy/1' -d '{
"timestamp" : "2014-02-05T12:00:00",
"message" : "Security scans",
"tag" : "marks"
}'

via head plugin query search I can get it:

{"query":{"bool":{"must":[{"term":{"deploy.tags":"marks"}}],"must_not":[],"should":[]}},"from":0,"size":50,"sort":[],"facets":{}}

_index                     _type   _id  _score     timestamp            message         tags
ossec-logstash-2014.02.05  deploy  1    12.396167  2014-02-04T12:00:00  Security scans  marks

but in Kibana I don't see any marks (even if I try to query just
deploy.tags I get an empty result in Kibana). The histogram query:

{
  "size": 10,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "deploy.tags:\"marks\""
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1391497422132,
                  "to": "now"
                }
              }
            }
          ]
        }
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}

Marker setup in histogram:

Marker query: deploy.tags:"marks"
Tooltip field: @message
Sort: @timestamp

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/2425cab4-01a7-48ab-bf7d-9bf0aff95c8f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Binh Ly) #2

Vaclav:

This works fine for me. Can you please verify that the field names match
correctly. In your example below, the document has a field "tag" but your
marker query is using deploy."tags". Just double check to see that
everything matches. Also if it still doesn't work, try just using "tag" in
the marker query, like for example tag:marks. Other than that I see there
is a range filter on your timestamp field so double check to make sure it
is actually matching documents in that range that have values for tag.

On Thursday, February 6, 2014 2:15:30 AM UTC-5, Vaclav Adamec wrote:

Hi,
I would like to humbly ask for some example how to use markers in Kibana3
histograms as I unable to get it run. What I unsuccessfully tried is
bellow, definitely I miss something. Thanks

curl -XPUT 'http://localhost:9200/ossec-logstash-2014.02.05/deploy/1' -d
'{
"timestamp" : "2014-02-05T12:00:00",
"message" : "Security scans",
"tag" : "marks"
}'

via head plugin query search I can get it:

{"query":{"bool":{"must":[{"term":{"deploy.tags":"marks"}}],"must_not":[],"should":[]}},"from":0,"size":50,"sort":[],"facets":{}}

_index
_type
_id

_score
timestamp
message
tags

ossec-logstash-2014.02.05
deploy
1
12.396167
2014-02-04T 12:00:00
Security scans
marks

but in Kibana I don't see any marks (even If I tried to query just
deploy.tags I have empty result in Kibana), in histogram query:

"size": 10,
"query": {
"filtered": {
"query": {
"query_string": {
"query": "deploy.tags:"marks""
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"from": 1391497422132,
"to": "now"
}
}
}
]
}
}
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
},

Marker setup in histogram:

Markeer query: deploy.tags:"marks"
Tooltip field: @message
Sort: @timestamp

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/799fc859-e55e-4fdf-8800-d3467e5790d3%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Vaclav Adamec) #3

Thanks for the reply. Actually, if I copy the whole search query from the histogram
(Kibana3 - Inspect) and run it in a shell I get results,
but I am not getting anything in the graph itself -
https://gist.github.com/VAdamec/8859892 . The result is:

{
"took" : 5,
"timed_out" : false,
"_shards" : {
"total" : 96,
"successful" : 96,
"failed" : 0
},
"hits" : {
"total" : 11,
"max_score" : 1.0,
"hits" : [ {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "7",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-05T16:00:00",
"message" : "QUALYS internal linux system",
"tags" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "8",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-06T8:30:00",
"message" : "QUALYS internal linux system",
"tag" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "S94z2ZE3QKOWFJTk4sH1dw",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "2C78qfQ8SnauY98Z-z_g5A",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "3",
"_score" : 1.0, "_source" : {
"message" : "QUALYS internal linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "4",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-04T12:00:00",
"message" : "QUALYS internal linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "5",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-03T12:00:00",
"message" : "QUALYS external linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "OfW9bP-ySsO4Vdi5CXIrHQ",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"_type:deploy"}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "6",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-04T12:00:00",
"message" : "QUALYS internal linux system",
"tags" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "1",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-05T12:00:00",
"message" : "QUALYS internal linux system",
"tag" : "marks"
}
} ]
}
}

On Thu, Feb 6, 2014 at 3:01 PM, Binh Ly binh@hibalo.com wrote:

--
-- May the fox be with you ...

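An added example that is not code from the thread, from Kibana or from Elasticsearch: it replays the two checks Binh Ly asks for in reply #2 (does the marker query name the field the documents actually carry, and does the range filter's time field exist on them) over the hits quoted in reply #3, so each document reports why the histogram request would or would not turn it into a marker. Assumptions made here: document timestamps are treated as UTC, the `deploy.` type prefix in the marker query is stripped to the bare field name (as the head-plugin term query on deploy.tags behaved in the thread), and the request's `"to": "now"` is replaced by an explicit end time so the run is reproducible.

```python
"""Replay a Kibana3 histogram marker request offline.

Kibana3 sends the marker query as a query_string ("field:value") wrapped
in a range filter on the dashboard's time field. Both must line up with
the documents: the field name (tag vs tags) and the time field
(@timestamp vs timestamp). This script re-implements that matching in
plain Python over the documents from the thread; it is not Kibana code.
"""
import re
from datetime import datetime, timezone

# _source of the hits in the search response quoted in reply #3
# (index ossec-logstash-2014.02.05, type "deploy"), copied as shown.
THREAD_HITS = [
    ("7", {"timestamp": "2014-02-05T16:00:00", "message": "QUALYS internal linux system", "tags": "marks"}),
    ("8", {"timestamp": "2014-02-06T8:30:00", "message": "QUALYS internal linux system", "tag": "marks"}),
    ("S94z2ZE3QKOWFJTk4sH1dw", {"query_string": {"query": 'deploy_tags:"marks"'}}),
    ("2C78qfQ8SnauY98Z-z_g5A", {"query_string": {"query": 'deploy_tags:"marks"'}}),
    ("3", {"message": "QUALYS internal linux system"}),
    ("4", {"timestamp": "2014-02-04T12:00:00", "message": "QUALYS internal linux system"}),
    ("5", {"timestamp": "2014-02-03T12:00:00", "message": "QUALYS external linux system"}),
    ("OfW9bP-ySsO4Vdi5CXIrHQ", {"query_string": {"query": "_type:deploy"}}),
    ("6", {"timestamp": "2014-02-04T12:00:00", "message": "QUALYS internal linux system", "tags": "marks"}),
    ("1", {"timestamp": "2014-02-05T12:00:00", "message": "QUALYS internal linux system", "tag": "marks"}),
]

RANGE_FROM_MS = 1391497422132  # "from" of the range filter in the histogram request
DOC_TYPE = "deploy"

_QUERY_RE = re.compile(r'^(?P<field>[\w.@]+):"?(?P<value>[^"]+)"?$')


def parse_marker_query(query):
    """Split 'deploy.tags:"marks"' into ("tags", "marks").
    Assumption: a leading '<type>.' is just a type prefix and is dropped."""
    m = _QUERY_RE.match(query.strip())
    if not m:
        raise ValueError("unsupported marker query: %r" % query)
    field = m.group("field")
    if field.startswith(DOC_TYPE + "."):
        field = field[len(DOC_TYPE) + 1:]
    return field, m.group("value")


def parse_time(value):
    """Timestamps as written in the thread carry no zone; UTC is assumed.
    strptime accepts the un-padded hour in '2014-02-06T8:30:00'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_hit(source, field, value, time_field, since, until):
    """Return None when the document yields a marker, else the reason the
    query_string or the range filter drops it."""
    if field not in source:
        return "no field %r (has %s)" % (field, sorted(source))
    if str(source[field]) != value:
        return "%s=%r != %r" % (field, source[field], value)
    if time_field not in source:
        return "no time field %r for the range filter" % time_field
    ts = parse_time(source[time_field])
    if not (since <= ts <= until):
        return "%s outside range" % source[time_field]
    return None


def replay_marker_query(query, time_field="@timestamp", hits=THREAD_HITS,
                        since_ms=RANGE_FROM_MS, until_ms=None):
    """Apply the marker query plus range filter to every hit.
    Returns (ids that produce markers, {id: reason} for the rest)."""
    field, value = parse_marker_query(query)
    since = datetime.fromtimestamp(since_ms / 1000, tz=timezone.utc)
    until = (datetime.fromtimestamp(until_ms / 1000, tz=timezone.utc)
             if until_ms is not None else datetime.now(timezone.utc))
    matched, dropped = [], {}
    for doc_id, source in hits:
        reason = check_hit(source, field, value, time_field, since, until)
        if reason is None:
            matched.append(doc_id)
        else:
            dropped[doc_id] = reason
    return matched, dropped


if __name__ == "__main__":
    # The thread's exact request first (@timestamp), then the field the
    # documents really have, with both spellings of the tag field.
    for tf in ("@timestamp", "timestamp"):
        for q in ('deploy.tags:"marks"', "tag:marks"):
            ok, why = replay_marker_query(q, time_field=tf)
            print("query=%-22s time_field=%-10s markers=%s" % (q, tf, ok))
            for doc_id, reason in why.items():
                print("   drop %-24s %s" % (doc_id, reason))
```

Run as-is it shows the thread's own request producing no markers at all, because none of the documents has an `@timestamp` field for the range filter to match, and that once the time field is switched the result still splits by spelling: `tags:marks` selects documents 7 and 6, `tag:marks` selects 8 and 1. The four hits whose `_source` is a stored query body never match anything and are simply noise in the type.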

