Scripting dynamic Elasticsearch queries inside Kibana visualization?

Problem description

Hi, I'm new to the ELK stack. I'm using Kibana 4.1. I've managed to use the Elasticsearch Query DSL to run searches within Kibana's Discover interface to capture a data set, then used that saved search to create a new Visualization and Dashboard widget in Kibana. My Elasticsearch query looks like

    {
      "bool" : {
        "must" : [
          {
            "match" : { "service" : "servicename" }
          },
          {
            "match_phrase" : { "msg" : "Trying to get security token for user: joe" }
          }
        ],
        "minimum_should_match" : 1,
        "boost" : 1.0
      }
    }

This would capture any login events for user: joe. If I wanted to search for login events for user: sue, I'd have to change this part of the above query to look like

        "match_phrase" : { "msg" : "Trying to get security token for user: sue" }

I was asked to see if there was a way I could use Elasticsearch Query DSL from the Kibana Discover tab or from curl on the command line - to create a dynamic query that would allow us to search for login events of various users, and then create a new visualization.

I think this is possible, but I'm not sure what the best way to do this in Elasticsearch/Kibana is. Can anyone point me in the right direction on how to go about this? Thanks!

Recommended answer

You can create a new dashboard and add a visualisation over there. Afterwards, you can add your search parameters as a query string in the Kibana dashboard.

This way, your dashboard visualisations change on the basis of the argument provided.

Hope this helps.
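The per-user query from the question and its query-string form for the Kibana query bar, generated from a username, as an added example that is not part of the original question or answer. The function names and the allowed character set for usernames and service names are assumptions; the field names and the log phrase come from the question.

```python
import json
import re

# Assumption: usernames and service names are limited to this character set.
_SAFE_TOKEN = re.compile(r"[A-Za-z0-9._@-]{1,64}")
LOGIN_PREFIX = "Trying to get security token for user: "  # phrase from the question


def _check(value, label):
    """Reject values that could change the structure of the query."""
    if not isinstance(value, str) or not _SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value


def build_login_query(user, service="servicename"):
    """Return an Elasticsearch _search request body for one user's login events."""
    user, service = _check(user, "user"), _check(service, "service")
    return {
        "query": {
            "bool": {
                "must": [
                    {"match": {"service": service}},
                    {"match_phrase": {"msg": LOGIN_PREFIX + user}},
                ]
            }
        }
    }


def build_kibana_query_string(user, service="servicename"):
    """Return a roughly equivalent Lucene query string for the Kibana query bar."""
    user, service = _check(user, "user"), _check(service, "service")
    # Escape backslashes and quotes so the phrase cannot be closed early,
    # even if the allowed character set above is widened later.
    phrase = (LOGIN_PREFIX + user).replace("\\", "\\\\").replace('"', '\\"')
    return f'service:"{service}" AND msg:"{phrase}"'


if __name__ == "__main__":
    for name in ("joe", "sue"):  # constructed sample usernames
        print(json.dumps(build_login_query(name)))
        print(build_kibana_query_string(name))
```

The JSON body can be sent to an index's `_search` endpoint with `curl -d`, and the query string can be pasted into the dashboard's query bar as the answer describes.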
