What's the best resource for making dashboard filters?

Posted: Wed Oct 22, 2014 2:49 pm
by eloyd
#NagiosCon14 introduced NLS. Time to data mine our VoIP servers call records (and apache logs and /var/log/messages and...and...and...).

Except I'm totally new to this ELK thing.

Can someone point me in a good direction to be able to do the filtering for dashboard creation? Specifically, I'd like to be able (if possible) to do something like this:

Server A, B, and C make/take phone calls. Inbound calls and outbound calls look different in the log file. I'd like to be able to show a graph of number of inbound calls and outbound calls per server over time as a stacked or side-by-side bar chart (a la Excel). To do this, I need to filter on a substring of the message field. Our call logs come in with a specific program type (using setup-linux.sh -t <tag>) and I can't even figure out how to filter on program type. I'm not "getting" how to get the field list in the filter field. Shouldn't there be a way to specify "program" in here somewhere?
[attachment: Capture.PNG]

Re: What's the best resource for making dashboard filters?

Posted: Wed Oct 22, 2014 3:00 pm
by eloyd
I love answering my own questions.

Found this, and I think it is the key to the door: http://packetbeat.com/docs/kibana-filte ... eries.html. It led me to http://lucene.apache.org/core/3_5_0/que ... yntax.html, which mostly answers my questions.

Re: What's the best resource for making dashboard filters?

Posted: Thu Oct 23, 2014 9:04 am
by scottwilkerson
One thing I will point out.

If you add filters they will apply across everything, however if you add multiple queries, you will get faceted results that are color coded with the query color. Each panel can have a combined view of zero or more queries from the queries tab for the panel.

Filters are cached on the server side for fast processing, whereas queries take a bit more processing/memory when executing.

So, best practice is to filter what you can, to limit result sets, then add queries to get multiple views for your graphs etc.

Re: What's the best resource for making dashboard filters?

Posted: Thu Oct 23, 2014 9:23 am
by eloyd
Thanks. Amazing what I found when I RTFM'ed Kibana. ;-) Turns out you can CLICK ON THE COLOR CIRCLE of the query and change it to a regexp (as well as change its color). Then you can stack/not-stack the results from multiple queries once the data has been filtered. So now all our call logs are dumped into NLS and we can get real-time info on number of inbound/outbound calls without having to run database reports because NLS knows the appropriate strings to look for in the text-based call log files:
[attachment: Capture.PNG]
And for ME to get excited about something, it HAS to be cool!! :-)
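The two ideas in this thread (an exact-match filter on the program tag that narrows the result set for every panel, followed by several regexp queries that facet the remaining messages into color-coded series) can be reproduced outside Kibana to check what a chart should show. The script below is an added example, not code from the thread or from Nagios Log Server; the log line layout, the `voip` program tag, the `INBOUND`/`OUTBOUND` markers and all host names are constructed assumptions, since the thread never shows the real call-record format. It applies the filter first, then runs each query regexp over the surviving events, and finally rolls the facets up per server and per hour, which is the shape a stacked or side-by-side bar chart needs.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in a syslog-like shape (hypothetical format):
# "<timestamp> <host> <program>: <message>". Two non-VoIP lines are mixed in
# to show what the program filter removes before any query regexp runs.
SAMPLE_LOGS = [
    "2014-10-22T14:01:05 serverA voip: call INBOUND from 5551001 to 2001",
    "2014-10-22T14:02:11 serverA voip: call OUTBOUND from 2001 to 5551002",
    "2014-10-22T14:03:40 serverB voip: call INBOUND from 5551003 to 2002",
    "2014-10-22T14:05:02 serverB sshd: Accepted publickey for admin",
    "2014-10-22T14:07:30 serverC voip: call OUTBOUND from 2003 to 5551004",
    "2014-10-22T15:01:15 serverA voip: call INBOUND from 5551005 to 2001",
    "2014-10-22T15:09:44 serverC voip: call INBOUND from 5551006 to 2003",
    "2014-10-22T15:12:00 serverC httpd: GET /index.html 200",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<program>[^:]+): (?P<message>.*)$")

# The "queries" tab: one named regexp per series. Each event is counted in
# every query it matches, which is the faceting behaviour described above.
QUERIES = {
    "inbound": re.compile(r"\bINBOUND\b"),
    "outbound": re.compile(r"\bOUTBOUND\b"),
}


def parse(line):
    """Split one line into fields; return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def apply_filter(events, field, value):
    """Exact-match filter, applied once to everything (like a Kibana filter)."""
    return [e for e in events if e.get(field) == value]


def facet(events, queries, bucket="%Y-%m-%dT%H"):
    """Count, per (host, time bucket), how many events match each query."""
    counts = defaultdict(Counter)
    for e in events:
        key = (e["host"], e["ts"].strftime(bucket))
        for name, rx in queries.items():
            if rx.search(e["message"]):
                counts[key][name] += 1
    return counts


def build_chart_data(lines=SAMPLE_LOGS, program="voip"):
    """Filter on program tag first, then facet the survivors by query."""
    events = [e for e in map(parse, lines) if e]
    kept = apply_filter(events, "program", program)
    return len(kept), facet(kept, QUERIES)


def chart_rows(lines=SAMPLE_LOGS, program="voip"):
    """Flatten to (host, bucket, inbound, outbound) rows, sorted for plotting."""
    _, counts = build_chart_data(lines, program)
    return sorted(
        (host, bucket, c["inbound"], c["outbound"])
        for (host, bucket), c in counts.items()
    )


if __name__ == "__main__":
    kept, _ = build_chart_data()
    print(f"events surviving program filter: {kept}")
    for row in chart_rows():
        print(row)
```

Running it with the constructed lines keeps 6 of the 8 events (the sshd and httpd lines never reach the regexps), and produces one row per server and hour with the inbound and outbound counts side by side. Swapping `QUERIES` for the real call-record markers and `LINE_RE` for the real layout is enough to sanity-check a dashboard panel against a known log sample.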