Visualize sql query result

asadiya · November 26, 2018, 3:23pm

Hi,

How can visualize the result of a sql query in Kibana?

For example:
Query:

POST _xpack/sql?format=txt
{
"query":"SELECT ip_client, count(*) AS Number_Logins FROM splunk_logs WHERE result='000' AND channel='WEB' AND action='LOGIN' GROUP BY ip_client"
}

Result:

ip_client | Number_Logins
---------------+---------------
83.61.23.163 |9

Thanks.

Bargs · November 26, 2018, 9:50pm

Core Kibana does not have SQL support yet, but the new Canvas application does.

asadiya · November 27, 2018, 10:36am

Thanks, i just tried Canvas but still have the same problem.
Query:

SELECT(SELECT * FROM splunk_logs WHERE action='LOGIN')-(SELECT * FROM splunk_logs WHERE action = 'VOTST') AS Diff

No result.. and if i execute this query in Dev Tools:

POST _xpack/sql?format=txt
{
"query":"SELECT(SELECT * FROM splunk_logs WHERE action='LOGIN')-(SELECT * FROM splunk_logs WHERE action = 'VOTST') AS Diff"
}

Result:

{
"error": {
"root_cause": [
{
"type": "unsupported_operation_exception",
"reason": null
}
],
"type": "unsupported_operation_exception",
"reason": null
},
"status": 500
}

There is any limitation for sql queries in Elasticsearch?
Thanks again.

Bargs · November 27, 2018, 6:48pm

There are definitely some differences but I'm not intimately familiar with the details myself. For help with specific SQL queries, try the Elasticsearch forum.

system · December 25, 2018, 6:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.