Can you suggest how to write functional test cases for Kibana 4.6.4 plugins? I am also unable to set up the unit test cases using Karma. Can you help me out with this?
Hi Tim Roes, I want to know how to send a custom query to the Elasticsearch or Kibana REST API from a custom Kibana plugin. Are there any API methods to use? I would be happy if you could reply.
Hi Hasem,
yes, there is a method, and you should actually use it (since it also takes care of sending credentials, etc.).
You can find information about that method in this blog post.
Hope that is what you are looking for.
Can you suggest how to write functional test cases for Kibana 4.6.4 plugins?
Hello Tim,
I need some help regarding a visualization in Kibana. I have an index with a date and hours worked. I also have a week number in the index so that I can get total hours worked per week. My problem now is to show ranges of total hours per week, e.g. [0-40], [40 to 80] for week 1, etc. It seems I can't filter/range on a metric. Is this at all possible in Kibana, without actually having [hours per week] already in my index?
Hi Pieter, you totally got that right. Unfortunately there is no possibility to do in Kibana what you want. You cannot use the result of the metric aggregations of buckets to actually create buckets, and then do e.g. a count of documents in there. Easiest would indeed be the solution you suggest, by precalculating this data before insertion into the ES.
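Added example, not part of the original comments: one way to do the precalculation described above before inserting into Elasticsearch. The field names (`worker`, `week`, `hours`, `hours_per_week`, `hours_range`), the grouping per worker and the sample entries are assumptions made for illustration.

```python
from collections import defaultdict

BUCKET_WIDTH = 40  # hours; yields the ranges 0-40, 40-80, ... from the question


def hours_range(total, width=BUCKET_WIDTH):
    """Return a half-open range label such as '40-80' for a weekly total."""
    if total < 0:
        raise ValueError("hours worked cannot be negative")
    lower = int(total // width) * width
    return f"{lower}-{lower + width}"


def weekly_summaries(entries):
    """Collapse per-day entries into one summary document per (worker, week).

    Each summary carries the precomputed total and its range label, so a
    plain terms aggregation on 'hours_range' can count weeks per range.
    """
    totals = defaultdict(float)
    for entry in entries:
        totals[(entry["worker"], entry["week"])] += float(entry["hours"])
    return [
        {
            "worker": worker,
            "week": week,
            "hours_per_week": total,
            "hours_range": hours_range(total),
        }
        for (worker, week), total in sorted(totals.items())
    ]


# Constructed sample input (hypothetical field names and values).
SAMPLE_ENTRIES = [
    {"worker": "a", "date": "2015-01-05", "week": 1, "hours": 8},
    {"worker": "a", "date": "2015-01-06", "week": 1, "hours": 8.5},
    {"worker": "a", "date": "2015-01-07", "week": 1, "hours": 9},
    {"worker": "b", "date": "2015-01-05", "week": 1, "hours": 30},
    {"worker": "b", "date": "2015-01-08", "week": 1, "hours": 15},
    {"worker": "a", "date": "2015-01-12", "week": 2, "hours": 40},
]

if __name__ == "__main__":
    for doc in weekly_summaries(SAMPLE_ENTRIES):
        print(doc)
```

Indexing these summary documents alongside the raw entries lets a terms aggregation on `hours_range` with a count metric produce the per-range numbers.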
Hello Tim,
I need your help to work around Elasticsearch duplicate data entries with different id numbers.
I would also like to know how to search for unique field values on the Kibana Discover page.
Thanks
Hi Tim, I have a question. I am using Kibana 4. In the Area / Line Chart section, I can see user.lang:tr. Could you please tell me what it refers to? I tried using index and type along with the field name to get the data. For example, say I want city:shaft, my index name is bank and my type name is account, and I want to filter out the shaft city from the documents in Kibana like you did for user.lang:tr. What does the user refer to in your scenario? Is it the index or the type?
Hi, it's neither index nor type. It's just a nested object inside, e.g. you can put documents into Elasticsearch that look as follows:
{
  "user": {
    "lang": "tr"
  }
}
That is what user.lang refers to. If you just have a field "city" in it, you would do the filter on city:SomeValue. It can be a bit confusing what kind of data filters/queries find, so you can also see this post where I explain how search works and how it's linked to analyzers.
Hi Tim! Thanks for the tutorial. Starting to build my own dashboards :-)
Glad it helped you, analyzing.. whatever kind of data ;-)
Hi Tim! Great tutorials - thank you very much! I was wondering if it is possible to build an aggregation referencing a different aggregation. E.g. I can create an aggregation of the amount of clicks in total and an aggregation of the amount of unique users in total. So I'll have 10000 clicks, and 2000 users. Could I do an average over the clicks based on the amount of unique users in the same time frame?
Nice tutorial! However, I was wondering how I can create a visualization with bars sitting side by side. For instance, I have a log consisting of request and response messages. How do I aggregate request and response counts so that bars with different colors represent them in a single graph? You have a similar example above but I cannot see how to create a filter with multiple queries!!
Excellent tutorial, thanks.
Awesome tutorial. Helped a lot
Loved the entire series! The twitter sample data coordinates.coordinates that is type= geo_point and the map info looks awesome.
How do you change the field type???
Because I have IP address data that has geo info in it, but the type is "number" so it doesn't come up as compatible with Geohash.
How can we do a ratio between two count aggregations of two different fields, for example users by time / page views by time?
How do I build a visualization with data from one document type on the Y axis and a field of another document type on the X axis? The master index correctly shows me all fields from both document type 1 and document type 2, and the timestamp for each is exactly the same ..... no way to build this visualization .... always empty ??!
How do I build a correlation visualization?
Hello, I have a doubt about creating a table without split rows. Is it possible? Please reply ASAP.
thanking you
Very well written article.
One quick question: Is there a way to specify sorting of fields while building a visualization?
Hi Tim, thank you for this great tutorial.
I have configured my index and am visualizing my Twitter data correctly now; however, I cannot find the way to map the field coordinates.coordinates so as to be able to see it using the tile map.
Would you mind explaining a bit on how to do it?
Thanks again!
Hi Tim, thanks for this interesting post about Kibana 4. I followed your instructions and got it working, just a bit is missing for full success.
I send syslog messages to Logstash and Kibana 4 shows me the data right away. But there is a "_source" field that can't be analyzed because it's not indexed.
Do you have an idea how to index and analyze this field?
Thanks in advance!
Hi,
Thank you very much for the very useful guide! It helped me a lot to use Kibana 4; however, for some reasons I now need to use Kibana 3 and I cannot find the option to create ranges anywhere. Do you know if this was a new feature added in v4 or does it exist in v3 (if so, where to find it...)?
Best,
Agata
Hello everyone,
just a quick question. I need to create a date histogram (line) with the timeline on the x-axis and numeric values on the y-axis.
To be more specific, I want to do this with this example:
time: 2015-05-05 16:29:23.940 VCPUS: 17
time: 2015-05-05 16:39:23.940 VCPUS: 19
time: 2015-05-05 16:49:23.940 VCPUS: 25
So I need time on the x-axis and the VCPUS value on the y-axis. Is there a possible way to do that? Thanks a lot!
...
I tried following the instructions, but no matter what I try the area chart always displays only
Area charts require more than one data point. Try adding an X-Axis Aggregation
Hi ED,
I had the same problem; it also happens if there is no data to be shown.
First have a look at your "Discover" section and see if the "created_at" field is shown with content there.
Second, just start with a simpler area chart, e.g. only with an X-Axis showing "lang".
Hope that helps.
Kind regards,
Tobias
Very useful, thanks for this write up.
First of all, I've got to salute and thank you for these amazing articles!
With that being said, I have a question: I'm trying to search for "4" in my agent field.
To do so I've written *agent:4 in the search box, but when I do so, the box becomes red and thus I can't make my search!
Any idea why that is happening and how to fix it?
Did you enter the asterisks in the field? If so why? :-)
The query "agent:4" (without the quotes around it) should just do what you want.
Hey Tim,
Thanks for the reply!
Now I have another problem.
In fact, I want to push data I have in my Hadoop cluster to ES and then visualize the whole thing in Kibana.
This is what I've done:
1)
CREATE TABLE xx(traffic_type_id INT, caller INT, time STRING, tranche_horaire INT, called INT, call_duration INT, code_type_trafic STRING, code_destination_trafic STRING, location_number STRING, id_offre INT, id_service INT)
ROW FORMAT DELIMITED FIELDS TERMINATED BY '\t';
LOAD DATA INPATH '/user/hive/outt.csv' OVERWRITE INTO TABLE cdr;
______________________________________________________________
2)
CREATE EXTERNAL TABLE esxx (caller INT, time STRING, tranche INT, called_number INT, duration INT, code_type STRING, code_destination STRING, location STRING, offre INT, service INT)
STORED BY 'org.elasticsearch.hadoop.hive.EsStorageHandler'
TBLPROPERTIES('es.resource' = 'xx/xx',
'es.nodes'='192.168.238.130:9200',
'es.mapping.names' = 'time:@timestamp');
INSERT OVERWRITE TABLE escdr SELECT s.caller, s.time, s.tranche_horaire, s.called, s.call_duration, s.code_type_trafic, s.code_destination_trafic, s.location_number, s.id_offre, s.id_service FROM cdr s;
_____________________________________________________________
3)
CREATE EXTERNAL TABLE xx (
caller INT,
time TIMESTAMP,
tranche INT,
called_number INT,
duration INT,
code_type STRING,
code_destination STRING,
location STRING,
offre INT,
service INT)
STORED BY 'org.elasticsearch.hadoop.hive.EsStorageHandler'
TBLPROPERTIES('es.resource' = 'xx/xx/',
'es.nodes'='192.168.238.130:9200',
'es.mapping.names' = 'time:@timestamp');
But Kibana doesn't seem to recognize my timestamp "time"; ES keeps on mapping it as a string (the time field in my csv file looks like this, e.g.: 11:12:45)! What should I change to let ES do the appropriate mapping and thus recognize my timestamp?
Best regards,
Omar,
Sorry, never worked with Hadoop, so I can't help you there. Best you could ask this in the #elasticsearch IRC channel on freenode.
Also, this tutorial holds some information about Hadoop and timestamps, though it looks terribly complicated to me, and I can't imagine that there isn't any better way.
Quick reply to Omar's question about getting Kibana to recognise that a field is not a string.
Haven't checked the whole thing, but when playing locally with indexes, resorting to a template and telling Kibana a particular field was not a string worked for me.
This was a useful link : http://code972.com/blog/201...
Thanks again for your cooperation;
Now I want to know; let's forget about Hadoop for a moment.
If you have a file with a field time like this : exp : 01AUG2014:19:03:00
and location : exp :21700000000000
What would you do to make Kibana recognize them as timestamp and geo_location?
That's what I'm trying to do and find out
Hi,
I have a question on the Kibana Data Table. I am trying to build the data table in the format below but I was unable to do it. I don't have an option in Kibana to build the data table like this, please help me with this.....
AppName | 03/13/2019 | 03/14/2019 | 03/15/2019
A1 | 10 GB | 12 GB | 13 GB
A2 | 111.1 GB | 12.5 GB | 15 GB
.....
.....
and So on...
But when I tried, I got the format below, in which AppName is repeated, which I don't want.
03/13/2019 03/14/2019
----------------------------- --------------------------------- --------------------
AppName | size SAppName | Size ................ and so on
A1 | 10 GB A1 | 13 GB .................
A2 | 111.1 GB A2 | 15 GB