New to ELK and trying to create a dashboard that displays SNMP traps from multiple vendors' devices. Would like to create a general table that can display traps from all vendors. However, the drop-down for 'field' has a listing for each OID that is in Elasticsearch. Is it possible to create a generic or wildcard field, say, 'SNMPv2-SMI::enterprises.*'?
Or perhaps what is the best way to handle multiple MIBs?
If you create some visualization that has a list of the terms you would like to be able to filter on, then when you click on one of those it should filter everything on the dashboard by that.
So for example, I created a Data Table and Split Rows with a Filters aggregation. You can use whatever field and values with wildcards you like. In my first filter I added metricset.name:cpu and metricset.name:load so it includes docs with either of those values.
Then I added this new visualization to an existing metricbeat dashboard. Now I can mouse-over any of those filters and click on the + to add a filter to the dashboard like that. Then just delete the filter when you want all results again.