Kibana Notes: Difference between revisions

From Federal Burro of Information
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 14: Line 14:
set : timelion:es.timefield to "time" ( not @time ).
set : timelion:es.timefield to "time" ( not @time ).


== Dump settings ==
== Stacked Graph on values ==
 
Buckets X-axiz-> Data histogram
 
Then "Add sub bucket" -> "Split series" -> "Terms" -> $fieldname
 
== Value is one of ==


curl -X GET -s http://${HOST}:9200/.kibana/_settings | python3 -m json.tool
X in Y


== Disk full -> readonly lock ==
booking_status:(completed OR ongoing)


If the disk fills up the kibana index ( .kibana ) will got into "read-only" mode.
booking_status:('completed' OR 'ongoing')


reset it like this:
== Dump settings ==


<pre>
curl -X GET -s http://${HOST}:9200/.kibana/_settings | python3 -m json.tool
curl -X PUT http://${HOST}:9200/.kibana/_settings -d '
{
"index": {
"blocks": {
"read_only_allow_delete": "false"
}
}
}' -H'Content-Type: application/json'
</pre>


and you will get back if it worked:
==Also See ==


{"acknowledged":true}
* [[Elasticsearch Notes]]

Latest revision as of 21:52, 13 November 2019

ES on AWS

Comes with Kibana.

send some app logs from app to firehose, then to es.

as it lands in ES the time field is "time" rather than say @timestamp, or @time.

this is important when you want to do timelion stuff.

You will need to change a config, Management - Advanced Settings:

set : timelion:es.timefield to "time" ( not @time ).

Stacked Graph on values

Buckets X-axis -> Date Histogram

Then "Add sub bucket" -> "Split series" -> "Terms" -> $fieldname

Value is one of

X in Y

booking_status:(completed OR ongoing)
booking_status:('completed' OR 'ongoing')

Dump settings

curl -X GET -s http://${HOST}:9200/.kibana/_settings | python3 -m json.tool
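
To check the dumped settings for an index block (such as the read-only lock a full disk leaves behind), the JSON can be parsed instead of read by eye. This is an added example, not part of the original notes; the function name, the script name and both sample responses are constructed for illustration.

```python
import json

# Block settings Elasticsearch can place under index.blocks.*
BLOCK_KEYS = ("read_only", "read_only_allow_delete", "read", "write", "metadata")


def active_blocks(settings_response):
    """Return sorted (index, block) pairs whose block is enabled.

    Accepts the JSON text of GET /<index>/_settings, either nested
    (the default) or flattened with ?flat_settings=true.
    """
    found = []
    for index, body in json.loads(settings_response).items():
        settings = body.get("settings", {})
        nested = settings.get("index", {}).get("blocks", {})
        for key in BLOCK_KEYS:
            # Nested form first, then the flat "index.blocks.<key>" form
            value = nested.get(key, settings.get("index.blocks." + key))
            # Elasticsearch returns setting values as strings
            if str(value).lower() == "true":
                found.append((index, key))
    return sorted(found)


# Constructed sample responses (not captured from a real cluster)
SAMPLE_NESTED = """
{".kibana": {"settings": {"index": {
    "number_of_shards": "1",
    "blocks": {"read_only_allow_delete": "true"}
}}}}
"""

SAMPLE_FLAT = """
{"logs-app": {"settings": {
    "index.number_of_shards": "1",
    "index.blocks.read_only_allow_delete": "true"
}}}
"""

if __name__ == "__main__":
    import sys
    # Piped input is checked; with no pipe, the constructed sample is used
    text = SAMPLE_NESTED if sys.stdin.isatty() else sys.stdin.read()
    for index, block in active_blocks(text):
        print(f"{index}: index.blocks.{block} is set")
```

Saved as a script (for instance check_blocks.py, a hypothetical name), it can take the place of `python3 -m json.tool` at the end of the curl pipeline above.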

Also See