When selecting Log Stream when creating a Dashboard there are no available data stream or namespace fields to filter on only event.dataset and we'd rather not have to use unique datasets (due to the additional indicies this creates) for each integration in order to filter here.
Please let me know if there is a way to do this or I misunderstanding something.
Sorry, it's not clear to me if you are referring to the Stream interface to review logs in the Observability solution like this screenshot:
Or are you talking about a regular Dashboard, or a predefined one set up by a beat maybe?
Hi Jorge,
Thanks for the response. I've actually just realised when trying to obtain some screenshots that it isn't specific to the Log Stream type under Dashboards but missing from the Filters in Dashboards entirely, so apologises for the confusion.
I'm referring to the data_stream.namespace field filter which is available under Discover and Create Visualisations:
But doesn't appear available under Dashboards itself:
My colleague has created a Dashboard with a Log Stream and is having to use event.dataset to filter it rather than the data_stream.namespace which would be ideal (imo) as we were considering consolidating some of the dataset names as we don't need separate indices for a lot of them.
I hope this makes sense. I am very new to this so it is very possible I completely misunderstanding how this works so please let me know if so!
For Dashboard to suggest the correct field names you need to add first at least one visualization that refers to the index pattern (or Data View if you are in 8.x). By default it will suggest the fields from your default index pattern. Once the dashboard knows that you are working with a given index pattern you should be able to see it in the search bar suggestions.
Check the following screen recording. When creating the dashboard the default fields are from an index pattern that has nothing to do with metricbeat. Once I add a visualization with the count of records from metricbeat, the search bar will suggest fields from that index pattern.
Hope it helps!
Perfect! That's done it.
Thanks a lot for your help.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
