Hi dear community,
I have been following a blog to create dashboards for Palo Alto Networks firewalls, and good progress has been made. The blog post that has been used is
We have successfully replicated the dashboards to the extent we want. However, we have some challenges with Timelion filters or query.
In order to create a more complex query to, for example, show allowed and dropped traffic and furthermore drill down at department level, how can this query be applied in Kibana under Timelion? We are using
.es(q=action:drop).lines(fill=2).color(red).label("Dropped traffic today")
which works; however, as soon as we try adding (q=action:drop or allow and user:someuser) the console returns errors. We have also tried using (q=action:drop or action:allow and department:somedepartment).
Is there any detailed description and instructions with regards to the use of Timelion besides https://www.elastic.co/blog/timelion-tutorial-from-zero-to-hero or https://www.elastic.co/guide/en/kibana/current/timelion.html, none of which show any complex queries on the data? Maybe we are just overcomplicating this and it is not the intended usage of Timelion? I will greatly appreciate any advice or guidance. Thanking you in advance, and thank you very much for such a great product, i.e. the ELK stack.
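The expressions below are an added example, not part of the original post: each line is a separate Timelion expression that quotes the Lucene query string passed to `q=` so that Timelion's own parser does not read the spaces, `or`/`and` and parentheses as expression syntax, and that groups the `OR` explicitly (Lucene binds `AND` tighter than `OR`). The index pattern name `panos-*` is an assumption; the fields `action`, `user` and `department` are the ones named in the post.

```timelion
.es(index='panos-*', q='action:drop').lines(fill=2).color(red).label('Dropped traffic today'), .es(index='panos-*', q='action:allow').lines(fill=2).color(green).label('Allowed traffic today')
.es(index='panos-*', q='(action:drop OR action:allow) AND department:somedepartment').lines(fill=2).label('All traffic for one department')
.es(index='panos-*', q='action:drop AND user:someuser').lines(fill=2).color(red).label('Dropped traffic for one user')
.es(index='panos-*', q='action:drop', split='department:5').lines(fill=2).label('Dropped traffic, top 5 departments')
```

The first line draws two series on one chart (comma-separated), and the last line uses `.es()`'s `split` parameter to produce one series per department instead of hand-writing a query per department.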