Hi I'm new to the ELK stack. I'm using Kibana 4.1. I've managed to use the Elasticsearch Query DSL to run searches within Kibana's Discover interface to capture a data set, then used that saved search to create a new Visualization and Dashboard widget in Kibana. My Elasticsearch query looks like
{
  "bool" : {
    "must" : [
      {
        "match" : { "service" : "servicename" }
      },
      {
        "match_phrase" : { "msg" : "Trying to get security token for user: joe" }
      }
    ],
    "minimum_should_match" : 1,
    "boost" : 1.0
  }
}
This would capture any login events for user: joe. If I wanted to search for login events for user: sue I'd have to change this part of the above query to look like
"match_phrase" : { "msg" : "Trying to get security token for user: sue" }
I was asked to see if there was a way I could use Elasticsearch Query DSL from the Kibana Discover tab or from curl on the command line - to create a dynamic query that would allow us to search for login events of various users, and then create a new visualization.
I think this is possible, but I'm not sure what the best way to do this is in Elasticsearch/Kibana. Can anyone point me in the right direction on how to go about this? Thanks!
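One way to parameterize the query from the question, as an added example that is not part of the original post: a Python helper that builds the same bool query for any list of users. The service name and message prefix are taken from the question; the user names and the `build_login_query` function are constructed for this example.

```python
import json
from typing import Iterable

# Message prefix copied from the question's match_phrase clause.
LOGIN_MSG_PREFIX = "Trying to get security token for user:"


def build_login_query(service: str, users: Iterable[str]) -> dict:
    """Return a request body matching login events for any of `users`.

    The fixed part (the service match) stays in `must`. One match_phrase
    clause per user goes into `should`, and minimum_should_match=1 means a
    document is returned when it matches at least one of those users.
    match_phrase treats its text literally (it is not parsed like
    query_string), so user-supplied names cannot change the query's shape.
    """
    users = [u.strip() for u in users if u and u.strip()]
    if not users:
        raise ValueError("at least one user name is required")
    return {
        "query": {
            "bool": {
                "must": [{"match": {"service": service}}],
                "should": [
                    {"match_phrase": {"msg": f"{LOGIN_MSG_PREFIX} {user}"}}
                    for user in users
                ],
                "minimum_should_match": 1,
            }
        }
    }


def query_users(body: dict) -> list:
    """Recover the user names a body built by build_login_query covers."""
    prefix = LOGIN_MSG_PREFIX + " "
    clauses = body["query"]["bool"]["should"]
    return [c["match_phrase"]["msg"][len(prefix):] for c in clauses]


if __name__ == "__main__":
    # Constructed sample input: two users from the question plus one more.
    body = build_login_query("servicename", ["joe", "sue", "ann"])
    # This is the JSON you would pass to curl as the request body.
    print(json.dumps(body, indent=2))
```

The printed body can be saved from the Discover tab like the original query, or sent with curl as the `-d` payload of a `_search` request.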