Visualize metrics with an exact value


(Alejandro Martínez Flor) #1

Hi!
I would like to make a table with a 'Top Hit' metric and, when I receive the value 'apple' or 'pear' in the field, show it in the table. Otherwise, when I receive the value 'melon', 'orange' or 'other' in the field, don't show it in the table.

I cannot find how to do it.

Thanks for your cooperation.


(Joe Fleming) #2

You can use the query bar to match on the data you want, i.e. fieldname:apple OR fieldname:pear in the query bar. You can also do the same with a filter, which you could then use in other visualizations and move around into discover and dashboard via pinning.


(Alejandro Martínez Flor) #3

Thanks for your answer.
My question maybe wasn't really specific.

Now I'm going to expose my real case.

I have hits from different virtual machines coming with three different values: Down, Up, Warning.

I want to visualize only Down and Warning on a Dashboard. And when I receive an 'Up' this alert should disappear from the dashboard table.

Example:
00:00 PM - VM-001 sends a log Down --> I visualize it on the Dashboard.
00:05 PM - VM-001 sends a log Up --> Alert on Dashboard disappears.

I'm trying to write a query DSL with the code coming from the dashboard to do an intermediate filter. But I haven't reached a solution.

Another idea was to use a threshold Alert, but it is still not working.

Any ideas?


(Joe Fleming) #4

> I have hits from different virtual machines coming with three different values: Down, Up, Warning. [...] I want to visualize only Down and Warning on a Dashboard.

That's simple enough, using the Top Hits agg. You can just show the latest value and then you'll have a current overview of the last state for all the VMs.

> And when I receive an 'Up' this alert should disappear from the dashboard table.

That's harder, and I don't think it's possible in Kibana. Kibana doesn't have any kind of "filtering" beyond what you can do in Elasticsearch, which means you can't just get the latest value and tell Kibana not to put the "Up" results in the table. You have to show them all.

A filter won't work here because it will then be showing you the last result that wasn't UP. Filter aggs also aren't what you want since they simply split on the match, so you'll just end up duplicating VMs and seeing the UP and non-UP values.
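
The difference described in reply #4, as an added example that is not part of the thread: a Python simulation over constructed events that compares a filter applied before the latest-value aggregation with one applied after it. The function names and sample data are assumptions for illustration, and the post-aggregation step stands for client-side code running outside Kibana.

```python
from datetime import datetime

# Constructed sample events (not from the thread): one status log per entry.
EVENTS = [
    {"ts": "2024-01-01T00:00:00", "vm": "VM-001", "status": "Down"},
    {"ts": "2024-01-01T00:05:00", "vm": "VM-001", "status": "Up"},
    {"ts": "2024-01-01T00:01:00", "vm": "VM-002", "status": "Warning"},
    {"ts": "2024-01-01T00:02:00", "vm": "VM-003", "status": "Up"},
    {"ts": "2024-01-01T00:07:00", "vm": "VM-003", "status": "Down"},
]


def latest_per_vm(events):
    """Mimic one bucket per VM with a size-1 Top Hits sorted by timestamp."""
    latest = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["vm"] not in latest or ts > latest[e["vm"]][0]:
            latest[e["vm"]] = (ts, e["status"])
    return {vm: status for vm, (_, status) in latest.items()}


def filter_then_latest(events, hide=("Up",)):
    """Query-bar style filter: documents are dropped BEFORE bucketing,
    so a recovered VM falls back to its last non-Up state."""
    return latest_per_vm([e for e in events if e["status"] not in hide])


def latest_then_filter(events, hide=("Up",)):
    """Desired behaviour: take the latest state first, then hide VMs
    whose latest state is Up (a post-aggregation step)."""
    return {vm: s for vm, s in latest_per_vm(events).items() if s not in hide}


if __name__ == "__main__":
    print("latest state      :", latest_per_vm(EVENTS))
    print("filter then latest:", filter_then_latest(EVENTS))  # stale VM-001 alert
    print("latest then filter:", latest_then_filter(EVENTS))  # VM-001 hidden
```

With the filter applied first, VM-001 still appears as Down even though its most recent log is Up; only the second ordering removes it from the table.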

