elasticsearchlogstashkibanakibana-4elastic-stack
Vertical bar chart in Kibana
I have set up ELK stack and following type of JSON is getting stored in elasticsearch(following JSON is copied from Kibana UI).
Now I want to display Vertical bar chart which will have Top 5 "hostname" when "action" is equal to "passthrough"
{
"_index": "logstash-2016.06.16",
"_type": "utm",
"_id": "AVVaFcaB7mNsx5uOb1-_",
"_score": null,
"_source": {
"message": "<190>date=2016-06-16 time=22:10:26 hostname=\"googleads.g.doubleclick.net\" profile=\"Software_Dept\" action=passthrough",
"@version": "1",
"@timestamp": "2016-06-16T16:40:24.284Z",
"hostname": "googleads.g.doubleclick.net",
"profile": "Software_Dept",
"action": "passthrough"
},
"fields": {
"@timestamp": [
1466095224284
]
},
"sort": [
1466095224284
]
}
I am stuck here, able to show top 5 hostname but they are not filtered by "action" is equal to "passthrough".
Solution
Go to the Discovery page and enter the search query : action:passthrough
Once you've entered your query in the discovery page, save your current search:
Kibana documentation
Then when creating the visualisation, after selecting the visualisation type, you use "From a saved search" to select the search you've created.
In that case only the documents from the search will be on the graph.
- Constrain a Specman list so it doesn't have identical values in consecutive elements
- How to type cast a list of uint to a list of vr_ahb_data in Specman?
- Static fields/methods in e
- What is the difference between deep_copy and gen keeping in Specman?
- Specman UVM: What is the difference between write_reg { .field == 2;}; and write_reg_fields?
- Does Specman support optional parameters to a method?
- Specman e: When colon equal sign ":=" should be used?
- Specman e: Is there a way to know how many values there is in an enumerated type?
- Specman e error: No match for file when using "for each line in file"
- How to run e file one by one? Not in parallel test
- Specman/e constraint (for each in) iteration
- Specman e: How driver's items queue can be locked from a sequence?
- Specman e: How to print variable's address?
- Specman e: "keep type .. is a" fails to refine the type of a field
- Specman soft select on variable, decimal vs. hexadecimal values
- Specman e: How to print a pointer to a struct?
- Specman e: Is there a way to print unit instance name?
- Specman e: simultaneous events error
- Specman e coverage: ignored values appear in the coverage statistics
- Specman e: How a sequence should be started when gen_and_start_main constrained to FALSE?
- Specman/e list of lists (multidimensional array)
- Does Specman e have struct constructor?
- Specman e: How the predefined sequence.item should be used?
- Specman e: define-as-computed macro error
- Specman e UVM: Why to inherit from uvm_* units?
- Specman e: A sequence drives its BFM also its MAIN was not defined in a test
- e HVL (IEEE 1647): expect expression fails unexpectedly
- Specman e subtyping: How to refer to FALSE value of conditional field in when/extend subtyping?
- e HVL (IEEE 1647): How to set 'X' value?
- Difference between declaring an event that is sensitive to a simple_port value and event_port