Kibana Notes: Difference between revisions
From Federal Burro of Information
Latest revision as of 21:52, 13 November 2019
ES on AWS
Comes with Kibana.
Send some app logs from the app to Firehose, then to ES.
As it lands in ES the time field is "time" rather than, say, @timestamp or @time.
This is important when you want to do Timelion stuff.
You will need to change a config, Management -> Advanced Settings:
set timelion:es.timefield to "time" (not @time).
Stacked Graph on values
Buckets X-axis -> Date histogram
Then "Add sub bucket" -> "Split series" -> "Terms" -> $fieldname
Value is one of
X in Y
booking_status:(completed OR ongoing)
booking_status:('completed' OR 'ongoing')
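An added example, not part of the original notes: when the list of values comes from user input or a script, this helper builds the same "X in Y" query with each value as a double-quoted Lucene phrase, so operators inside a value stay literal. The function names and the field-name allow-list are assumptions of this example.

```python
import re

# Conservative allow-list for field names (an assumption of this example).
_FIELD_RE = re.compile(r"[A-Za-z_@][A-Za-z0-9_.@]*")


def quote_term(value: str) -> str:
    """Return value as a double-quoted Lucene phrase.

    Inside double quotes only the backslash and the double quote itself
    need escaping, so OR, ':' or ')' inside the value are not operators.
    """
    if not value:
        raise ValueError("empty value")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def one_of(field: str, values) -> str:
    """Build field:("a" OR "b" ...), the 'value is one of' form."""
    if not _FIELD_RE.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    # De-duplicate while keeping the caller's order.
    terms = [quote_term(v) for v in dict.fromkeys(values)]
    if not terms:
        raise ValueError("need at least one value")
    return f"{field}:({' OR '.join(terms)})"


if __name__ == "__main__":
    print(one_of("booking_status", ["completed", "ongoing"]))
    # Constructed value containing query syntax: it stays one quoted term.
    print(one_of("booking_status", ["ongoing) OR other_field:(x"]))
```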
Dump settings
curl -X GET -s http://${HOST}:9200/.kibana/_settings | python3 -m json.tool