Metricbeat query in Kibana

Elastic Stack Elasticsearch
1

Hi there,

I'm creating customer portals within the Kibana interface, this is working nicely. The purpose of this is, is that the customer can check the up-time of their own application without consulting us. Now i can configure it in such a way that they can only see their own application but i cannot figure out how to write the query in such a way so that they can see more applications.

This is all done/written in the roles feature within Kibana. The query i'm using is as follows:
{"wildcard": {monitor.name: "test1.test.nl" }. This is doing what i'm trying to but i cannot seem to figure out how to write this if i want to add test2 for example.

Any clue?

Thanks and have a nice weekend!

Rick

2

see this page in the docs: Wildcard query | Elasticsearch Guide [7.12] | Elastic

To match test1.test.nl and test2.test.nl, you could try something like this as the query for this role:

{
  "query": {
    "wildcard": {
      "monitor.name": {
        "value": "test*.test.nl"
      }
    }
  }
}
3

Hi Jason, that is indeed a fine solution which i've used before! But i'm trying to figure out a way on how i can reach this when the names are completely different. Like for say the following example:
Application 1: test.test.com
Application 2: bla.bla.com

Kind regards.

4

Making sure I understand your use case. Please correct me if I misunderstood :wink:

  • Customer 1 wants to monitor a.com, b.com, ...
  • Customer 2 wants to monitor c.com, d.com, ...
  • Each customer should only have access to metrics for the domains they are monitoring

Where do you maintain the list of the domains each customer is monitoring?

If it's static, you could add tags to the data in metricbeat.yml

If it's in a DB, can you send the data from metricbeat => logstash and do a lookup on your DB table to add a tag for which customer it's for, and then for security in Kibana, each customer gets access to records with that tag

5

Hi Jason,

1 Customer can have completely different URL's (and domain names), that's why i'm trying to create a query which can show both of these urls. Is this even possible?

The tags is a good idea, how could i query on the tags?

6

The configuration for any of the beats have a section which looks like this:

# The tags of the monitors are included in their own field with each
# transaction published. Tags make it easy to group servers by different
# logical properties.
#tags: ["service-X", "web-tier"]

you can uncomment the tags line and add the customer's name/id/etc as a tag

then the tag could be applied as a filter for the role in Kibana

I don't know how many customers you are tracking URL's for, so in case its a big number, I also offered the idea of sending the events from the beat to logstash, and in logstash you could do a lookup on the URL from a DB table which contains a URLs and which tag to add.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.