Hi I have injested my data into ELK and i can see the data in Kibana as well.
in splunk i have this query
index=app "verifyStatusCode" | stats ExecutionTime
I can see the ExecutionTime field in kibana as per my GROK filter, now i want to just visualise the same thing in ELK Single Value visualisation, by searching for events which have "verifyStatusCode" and their Execution time.
Need help in writing the Elastic search query for this one.
Hello,
Where do you want to write the query for this in Kibana? In the filter json input or in the search bar?
Also, what version of Kibana are you using? (as there may be deprecations in query syntax between versions). Also, you can check out the latest 6.0.0 beta (should come out soon) that has a visual filter builder.
Yes i want to create using the search bar. How do we create using the JSON input?
You can create a filter in Kibana like this:
https://www.elastic.co/guide/en/beats/packetbeat/current/kibana-queries-filters.html
once you create it, that filter can be edited and you can modify it's JSON object.
This is a guide to QueryDSL which is used in the filter syntax:
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax
You need _exists_" from there for theverifyStatusCode` field.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.