Migration of Dashboards to Kibana 4: TopN Queries and Visualization

Dear All

I'm quite new to the ELK stack and Kibana in particular. My task is to migrate a bunch of antique Kibana 3 dashboards to Kibana 4.5.4 (Build 10000).

The dashboard looks like this:

As you can see, multiple queries are defined at the top. The first two queries from top left are defined as follows:
First_topN_Query Second_topN_Query

The table-like "ALERT" visualization is configured as follows, i.e., it references the first two queries shown above:

Inspecting the ALERT visualization shows this JSON code:

curl -XGET 'http://localhost/elasticsearch-admindev/logstash-2017.12.11/_search?pretty' -d '{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        {
          "query_string": {
            "query": "*"
          }
        }
      ]
    }
  },
  "aggs": {
    "filters": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1510395149979,
                  "to": 1512987149979
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "field": {
          "terms": {
            "field": "vmw_alert.raw",
            "exclude": {
              "pattern": []
            },
            "size": 20,
            "order": {
              "_count": "desc"
            }
          }
        }
      }
    }
  }
}'

Field "vmw_alert.raw" is used to display the most frequent alert values.

I have difficulties modeling this dashboard in Kibana 4.5.4. In particular, I cannot find a solution to migrate the two topN queries shown above and, in a second step, to build the ALERT visualization that utilizes these queries.

Any help is highly appreciated.

Kind regards
Christoph

Unfortunately Kibana 4 is no longer officially supported due to the recent release of Kibana 6. How many dashboards do you have? Is manually re-creating them in Kibana 5 or 6 an option?

If you can migrate to a more recent version of Elasticsearch and Kibana, you may have an easier time as there is a lot more flexibility compared to Kibana 4, e.g. the new time-series visual builder and a lot of new visualisations.
