Filtering with OR on a dashboard in Kibana 4
I want to create a dashboard which shows information about a limited set of request values:
request:("/path1" OR "/path2" OR "/path3")
What I've tried so far:
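- I can add filters to my dashboard by clicking on a section of a pie chart, but all of these filters are applied as AND filters rather than OR filters. This way of working also requires actual data for every possible request value, which is not always the case in a test environment.
- In Discover I created a saved search, but I don't know how to apply it to my Dashboard so that it becomes part of the dashboard definition.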
Is there a way to do this using the Dashboard editor or does it require some json scripting via Settings->Objects->Dashboards? If so can you point me to a good reference to this (escaped) syntax?
In Kibana 3 you could define filters of type "either". Does this functionality exist in Kibana 4?
I'm using Kibana 4.0.2
I am not sure if this is an answer to your actual question, I'll write it anyway as someone may benefit and I found examples on the Kibana filter syntax to be elusive when googling.
I am trying to define a boolean filter instead of a boolean query in my Discover tab, to unclutter the search field and facilitate further filtering on a limited set of values.
I found this link to the documentation where AND, OR, NOT filter syntax is described. After a bit of experimenting this was what worked for me, example:
I have a field named host containing the name of the server shipping the log entry. There are quite a few servers, each belonging to one of several redundancy groups. To filter only for log entries produced by the servers "SERVER06 OR SERVER07 OR SERVER08" which happen to belong to a distinct redundancy group B-Servers, I can make an OR filter like so:
{
  "bool": {
    "should": [
      {
        "query": {
          "match": {
            "host": {
              "query": "SERVER06",
              "type": "phrase"
            }
          }
        }
      },
      {
        "query": {
          "match": {
            "host": {
              "query": "SERVER07",
              "type": "phrase"
            }
          }
        }
      },
      {
        "query": {
          "match": {
            "host": {
              "query": "SERVER08",
              "type": "phrase"
            }
          }
        }
      }
    ]
  }
}
and save it as a search called B-Servers. Now I get a filtered list, where I can cherry pick a server with a further and more restrictive filter. Before I had all servers and the quick count only listed the five top entries, so I had to pick one and then edit the filter manually if my target wasn't in the list.
This should be useful for other string type fields too. The documentation should have included a couple of more examples I think, to set the context for the placement of the bool statement and not just a demonstration of the principle.
This link was also useful for demonstrating how to do booleans from the search field rather than as a filter.
An update for Kibana 5.2 as I could not get the previous syntax to work. The following did the trick with 5.2, I used this link to figure it out:
{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "host": "SERVER06"
          }
        },
        {
          "match": {
            "host": "SERVER07"
          }
        },
        {
          "match": {
            "host": "SERVER08"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
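Added example, not part of the original question or answers: a small Python helper that builds both forms discussed on this page from a list of values, the Kibana 5.2-style `bool`/`should` filter and the search-bar string such as `request:("/path1" OR "/path2" OR "/path3")`. The function names `or_filter` and `or_query_string` are hypothetical, and the field name is assumed to be a plain name with no Lucene special characters.

```python
import json


def _unique(values):
    """Drop duplicate values while keeping the original order."""
    values = list(dict.fromkeys(values))
    if not values:
        raise ValueError("an OR filter needs at least one value")
    return values


def or_filter(field, values):
    """Build the 5.2-style filter from the answer above for any value list."""
    return {
        "query": {
            "bool": {
                "should": [{"match": {field: v}} for v in _unique(values)],
                # At least one of the 'should' clauses has to match (OR).
                "minimum_should_match": 1,
            }
        }
    }


def _quote(value):
    # Inside a quoted Lucene phrase only backslash and double quote need
    # escaping; quoting also keeps '/' from being read as a regex delimiter.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def or_query_string(field, values):
    """Build the search-bar form, e.g. request:("/path1" OR "/path2")."""
    return "%s:(%s)" % (field, " OR ".join(_quote(v) for v in _unique(values)))


if __name__ == "__main__":
    # Constructed sample input taken from the values used on this page.
    print(or_query_string("request", ["/path1", "/path2", "/path3"]))
    print(json.dumps(or_filter("host", ["SERVER06", "SERVER07", "SERVER08"]), indent=2))
```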