在Kibana 4中通过查询运行简单的SQL组 [英] Run a simple sql group by query in kibana 4

问题描述

我想在kibana 4发现"页面中通过查询运行一个简单的sql组. 我的弹性搜索索引中的每条记录都代表一个日志，并有3列:process_id (not unique value), log_time, log_message.

I want to run a simple sql group by query in kibana 4 "Discover" page. Each record in my elastic search index represent a log and has 3 columns: process_id (not unique value), log_time, log_message.

示例:

process_id              log_time          log_message

process_id                log_time             log_message

----------------     --------------------     --------------------

----------------       --------------------       --------------------

1      2014/12/11 01:00          msg1

1                        2014/12/11 01:00           msg1

1             nbsp; b&b ; 2014/12/11 01:10          msg2

1                        2014/12/11 01:10           msg2

1             nbsp; b&b ; 2014/12/11 01:20          msg3

1                        2014/12/11 01:20           msg3

2              nbsp; b 2014/12/11 11:00         msg4

2                        2014/12/11 11:00           msg4

2              nbsp; b 2014/12/11 11:10         msg5

2                        2014/12/11 11:10           msg5

我想在kibana中生成一个如下表:

I want to generate a table in kibana that looks like:

process_id'

process_id         first log_time              last log_time

---------------- ------------------------       --------------------

---------------- ------------------------       --------------------

1                   2014/12/11 01:00      2014/12/11 01:20

1                    2014/12/11 01:00       2014/12/11 01:20

2                 1 11:00       2014/12/11 11:10

2                    2014/12/11 11:00       2014/12/11 11:10

在sql中，查询很简单: 选择process_id，max(log_time)，min(log_time) 来自logs_table 按process_id分组

In sql the query is simple: select process_id, max(log_time), min(log_time) from logs_table group by process_id

如何在Kibana中运行此查询?是否可以在发现"页面中运行查询?还是应该创建一个面板(可视化"页面)?

How can I run this query in Kibana? Is it possible to run the query in "Discover" page or should I create a panel (Visualize page)?

谢谢.

推荐答案

我正在使用Kibana 4.3，但是在任何版本的Kibana上都可以使用.您需要创建数据表"类型的可视化"面板.

I'm on Kibana 4.3, but this is possible on any version of Kibana. You need to create a Visualization panel of type Data Table.

在此之前，您需要确保已使用log_time日期字段作为索引的时间戳为该索引创建了索引模式(例如此索引).

Before that you need to make sure that you've created an index pattern for your index, such as this one, with the log_time date field as the timestamp for your index.

然后，您可以创建数据表可视化，并且它必须像这样，即process_id字段上的拆分行terms聚合，然后在报表上的两个指标聚合(一个min和一个max) log_time日期字段

Then you can create your Data Table visualization and it must look like this, i.e. a split rows terms aggregation on the process_id field and then two metrics aggregation (one min and one max) on the log_time date field

最后，您的结果将如下所示:

Finally, your results will look like this as expected:

这篇关于在Kibana 4中通过查询运行简单的SQL组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！