I have a Timelion "query" that works great. However, I am using the split function to get the top 10 occurrences and I can't figure out how to tell it to ignore, or don't show, the fields that contain certain values.
What I am doing is classifying events from an external system and writing that to Elasticsearch as a field in the document. Some of these classifications are low priority or we don't actually find anything to classify them with, so we put that in the field. In the visualizations, it is easy to ignore as you put that in the "Exclude" part of the viz and they don't show up. Is there a way to do that in Timelion? What I have below "works" in that I get the top 10, but I have to click on the items in the legend to get them to disappear from the graph. Just wondering if this is possible.
Gives me the two things that I don't want. Namely:
Low Priority Tags
No Tags Found
And that's all it gives me. No top 5 or anything.
And, regardless of if I change the query to not have the NOT in it, or use different quote placement (i.e. q="NOT system_classification.public_name.keyword:'Low Priority Tags'") I still get the same output. It's weird as I would think that the NOT would work.
So, it's closer but I am still tinkering with it. Any ideas?