#NagiosCon14 introduced NLS. Time to data mine our VoIP servers call records (and apache logs and /var/log/messages and...and...and...).
Except I'm totally new to this ELK thing.
Can someone point me in a good direction to be able to do the filtering for dashboard creation? Specifically, I'd like to be able (if possible) to do something like this:
Server A, B, and C make/take phone calls. Inbound calls and outbound calls look different in the log file. I'd like to be able to show a graph of number of inbound calls and outbound calls per server over time as a stacked or side-by-side bar chart (a la Excel). To do this, I need to filter on a substring of the message field. Our call logs come in with a specific program type (using setup-linux.sh -t <tag>) and I can't even figure out how to filter on program type. I'm not "getting" how to get the field list in the filter field. Shouldn't there be a way to specify "program" in here somewhere?
What's the best resource for making dashboard filters?
What's the best resource for making dashboard filters?
You do not have the required permissions to view the files attached to this post.
Re: What's the best resource for making dashboard filters?
I love answering my own questions.
Found this, and I think it is the key to the door: http://packetbeat.com/docs/kibana-filte ... eries.html. It led me to http://lucene.apache.org/core/3_5_0/que ... yntax.html, which mostly anwers my questions.
Found this, and I think it is the key to the door: http://packetbeat.com/docs/kibana-filte ... eries.html. It led me to http://lucene.apache.org/core/3_5_0/que ... yntax.html, which mostly anwers my questions.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: What's the best resource for making dashboard filters?
One thing I will point out.
If you add a filters they will apply across everything, however if you add multiple queries, you will get faceted results that are color coded with the query color. Each Panel can have a combined view of zero or more queries from the queries tab for the panel.
Filters are cached on the server side for fast processing, whereas queries take a bit more processing /memory when executing.
So, best practice is to filter what you can, to limit result sets, then add queries to get multiple views for you graphs etc.
If you add a filters they will apply across everything, however if you add multiple queries, you will get faceted results that are color coded with the query color. Each Panel can have a combined view of zero or more queries from the queries tab for the panel.
Filters are cached on the server side for fast processing, whereas queries take a bit more processing /memory when executing.
So, best practice is to filter what you can, to limit result sets, then add queries to get multiple views for you graphs etc.
Re: What's the best resource for making dashboard filters?
Thanks. Amazing what I found when I RTFM'ed Kibana. 
Turns out you can CLICK ON THE COLOR CIRCLE of the query and change it to a regexp (as well as change its color). Then you can stack/not-stack the results from multiple queries once the data has been filtered. So now all our call logs are dumped into NLS and we can get real-time info on number of inbound/outbound calls without having to run database reports because NLS knows the appropriate strings to look for in the text-based call log files:
And for ME to get excited about something, it HAS to be cool!!
Turns out you can CLICK ON THE COLOR CIRCLE of the query and change it to a regexp (as well as change its color). Then you can stack/not-stack the results from multiple queries once the data has been filtered. So now all our call logs are dumped into NLS and we can get real-time info on number of inbound/outbound calls without having to run database reports because NLS knows the appropriate strings to look for in the text-based call log files:And for ME to get excited about something, it HAS to be cool!!
You do not have the required permissions to view the files attached to this post.