Hello. I'm trying to create a Pie chart to display values with filters. However, only the first 3 filters are working, while in the Discovery tab all of the filters work. How filters are really working? The official documentation doesn't anything about it.
Can you try this by having the "nginx.access.url: api" filter in the Search bar at the top and only using the nginx.access.url in the filters fields in the Pie chart?
I tried. It kinda worked but we want to have a bucket on Pie with counters by a wildcard, i.e. api/v1, api/v2, api/v3 (while a link is /api/v2/public, for example) and so forth. Is that even possible in a single Pie?
I'm not sure I understand exactly what you want. You'd like it to be split automatically by the version number?
Yes. The number of hits of URLs (say, 10) by a complex wildcard or keyword.
Can you try with a Terms aggregation instead of the Filter one, on the access URL field?
Yes, I tried. Ended up with URLs like /api/v1/public/product1 and /api/v1/public/product2. As you see, those URLs are different and evaluated by Kibana separately. So it's two different counters. We want a single counter by '/api/v1/public' (which combines all counters in one).
Then I'd suggest creating a scripted field that trims the URL to the third "/" and then do a terms aggregation on that field.
That's what I thought about first as I was trying to avoid any additional parsing. I'll post my solution later. Thanks for help!
Best practice would be to do the parsing at ingest time, this way it's done only once.
Do you mean by grok in a Logstash pipeline?
Logstash pipelines or even ES pipelines if you don't already use Logstash. Even filebeat/metricbeat have the ability to do this operation as it's pretty simple.
Got it. Then I'll post my idea in a Logstash topic on that matter which for unknown reasons for me doesn't work. Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
