URL field formatter - get values of other fields

Dear Community,

In Kibana there is the option of formatting the fields of an index as a URL (Link).
What I want to do with this is to trigger a query when clicking on the _id field of a document, but then issue a query on the same or another index using other fields than _id as filter arguments.

I know that using {{value}} you can reference the value of the field you are formatting (e.g. _id=3) and you can then use this value to issue a query when clicking on the link:
For example:

&_a=(columns:!(_source),index:'packets-*',query:(query_string:(query:'"{{value}}"')))

My question is: can you also reference other fields of the same document and use them for a new query?

Field formatters can only access their own field. However, you could create a scripted field that builds the URL and then just use the formatter to display it as a hyperlink.

Yes, this is what I was looking for. Thanks a lot!

I've made now quite some progress using scripted fields. However, one thing I could not achieve yet is to set a new time range when clicking on that link.
In painless I can access the timestamp of my documents using doc['timestamp'].value.
The time range should be set as follows:
start time: doc['timestamp'].value
end time: doc['timestamp'].value+doc['duration'].value]
...where the 'duration' is of type float and the unit is seconds.

An example of the the timestamp and duration formats:

2017-04-26T00:24:10.957Z (=doc['timestamp'].value)
0.146696999669075 (=doc['duration'].value)

Using the following link, I am able to set the starttime of the time range. But I could not code the endtime to be doc['timestamp'].value+doc['duration'].value.

'/app/kibana#/dashboard/e0204410-4d55-11e8-8265-513fea73f2bd?' + '_g=' + '(refreshInterval:(display:Off,pause:!f,value:0)' + ',time:(from:' + '\'' + doc['timestamp'].value + '\'' + ',mode:absolute,to:\'2017-04-27T22:00:00.000Z\'))'

According to the Kibana documentation, Kibana supports datemath, so I tried something like:

doc['timestamp'].value + '+' + doc['duration'].value + 's'

But this gives me a URL parsing error.
How can I achieve this?

Painless exposes the Java date time APIs, you'll need to use these to do the date math.

Thank you for this hint.
I now gave this a try and found out that my doc['timestamp'].value belongs to the java class "org.joda.time.MutableDateTime".
So I looked up the corresponding reference: MutableDateTime (Joda time 2.2 API)

... and found that this class comes with methods to add or subtract timevalues.
However running e.g

doc['timestamp'].value.addHours(-1)

...gives me the compile error:

{"type":"script_exception","reason":"runtime error","script_stack":["doc['timestamp'].value.addHours(-1);"," ^---- HERE"],"script":"doc['timestamp'].value.addHours(-1);","lang":"painless","caused_by":{"type":"illegal_argument_exception","reason":"Unable to find dynamic method [addHours] with [1] arguments for class [org.joda.time.MutableDateTime]."}}}]},"status":500}

So painless doesn't seem to find this function. Am I doing something wrong? How can I get access to these functions?

What version of Kibana and ES are you running?

I'm running ES 6.2 and Kibana 6.2

Hmmm seems like something changed, I swear Painless didn't used to expose Dates as Joda objects. The ES team is definitely planning on getting rid of Joda so I'd recommend transforming the Joda object into a Java ZonedDateTime and use that. Give this script a try:

ZonedDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.getMillis()), ZoneId.of('Z')).minusHours(1);

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.