I' trying to create a dashboard to make it easy for others to look at logs. This involves 2 levels of drill down based on some tags - a higher level group and then components within that group (different groups can have the same component - for example nginx logs). After the drill downs, I want to filter on one field to show just the actual log line leaving out the metadata.
I can do this manually by writing a query for the 2 level drill down based on tags (example - group:g1 component:c1) and then adding a filter for the field. What I want is to (1) create a dashboard that has this in an interactive fashion and (2) Pre-configure kibana with this dashboard in some conf file so we can bring up other kibana instances in other environments with this dashboard already defined.
I saw the docs online for interactive inputs [1] and am able to create a dashboard with 2 options but am not able to hook it up with saved search with a filter and also don't know where to store that in a conf file .
I played around a bit more. The management -> Saved Objects user interface was very helpful. Looks like fields: is what I want in the search. I am now able to create visualizations for the 2 drill downs using the interactive options and a saved search that shows only the appropriate field. I was able to create a dashboard that incorporates these. When I look at the dashboard json I see a searchSourceJson that is mentioned in a few places in the docs but didn't find a reference that details what the fields in it are. (The closest I found was this: https://www.elastic.co/blog/kibana-under-the-hood-object-persistence which doesn't talk in detail about searchSourceJson.)
You can define the dashboard app to be the default app which loads when Kibana starts up. You can do so in kibana.yml. Which version of the stack you are on? Depending on this - you can use something called dashboard only mode - where you just give access to this particular dashboard:
I am not sure how searchSourceJson is going to help you here? Can you tell me how you plan to use it? I am going to find out what's in it and get back to you.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
