Sql in elasticsearch/kibana

lynnptilby · January 16, 2019, 1:55am

We have a logstash file with documents like:

message:
2018-11-22 07:23:44,374 :: HWM :: INFO :: ########## Service Status: {'weight': True, 'main_cam': True, 'bp': True, 'scanner': True, 'oto_nose': True, 'thermo': True, 'ox': True, 'oto_ear': True, 'oto_mouth': True}
@timestamp:
November 22nd 2018, 07:23:44.374
loglevel:
INFO
_id:
I_dxvmcBKIwFz2orGn-N
_type:
_doc
_index:
kiosk-hwm-index
_score:
-
We need to do things like select all docs where main_cam="False" . Basically queries of sub-queries of sub-queries. Users at our organization are familiar with SQL and would like to use it, as opposed to learning a new language. What is the best study/learning document you can suggest?

warkolm · January 16, 2019, 2:22am

You really need to split the message contents into their own fields using grok first.

lynnptilby · January 16, 2019, 4:59pm

Will do. THANK YOU!

system · February 13, 2019, 4:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch query vs. SQL query Elasticsearch	4	2371	July 5, 2017
Index sql statements into elasticsearch Elasticsearch	6	326	June 21, 2020
Dec 21st, 2018: [EN][Elasticsearch] Using SQL to query data in Elasticsearch Advent Calendar elastic-stack-sql	1	2235	December 1, 2019
Extracting from Bind 9 log files Logstash	8	5144	March 23, 2017
How to do subqueries in Kibana? Kibana kql-kibana-query-language	1	398	May 2, 2022

Sql in elasticsearch/kibana

Related topics