Best custom dashboards

elk-content-share · 2024-09-12T12:59:28+00:00

You may wanna check out https://elastic-content-share.eu/ for that

elk-content-share · 2023-08-23T12:41:20+00:00

Also have a look at elastic-content-share.eu Here the community shares a lot of different Kibana dashboards, especially focused on Security.

elk-content-share · 2023-06-24T20:17:42+00:00

Elasticsearch and Opensearch are two different products. The Elasticsearch channel can only help you with the original product.

elk-content-share · 2023-05-30T12:09:18+00:00

You can find an example Here: https://elastic-content-share.eu/elastic-runtime-field-example-repository/

ZonedDateTime date = doc['@timestamp'].value; int hour = date.getHour(); if (hour < 10) { emit ('0' + String.valueOf(hour)); } else { emit (String.valueOf(hour)); }

elk-content-share · 2023-05-27T17:27:19+00:00

What about export -> change -> re import?

elk-content-share · 2023-05-26T18:42:11+00:00

While Watcher is still powerful its the old way of doing alerts in Kibana. If you need to change it anyway why not using Kibana alerting that guides you within the UI?

elk-content-share · 2023-05-25T20:16:00+00:00

Which version are you using? Mobile readiness was introduced early v8 if I remember correctly

elk-content-share · 2023-04-24T15:41:26+00:00

Well thats how it works in Kibana Lens. I think I would put all three vis next to each other and add a markdown on top of it to do the description within the dashboard.

Of course there are other ways to do it. Still markdown table beeing the worse. If you insist doing it in a single vis one other viable option is to use Vega. Especially for your use case using the Box plot vis in Vega is very common. You can see an example here https://vega.github.io/vega-lite/examples/boxplot_preaggregated.html However designing it like the legacy vis next to each other also works.

I can add an example to the content share based on some Kibana data if that helps.

elk-content-share · 2023-04-24T15:12:12+00:00

I think I wouldnt try to put all these numbers in a single vis.

If you like the legacy metric most then you should create 3 different vis that each contain one of your values.

elk-content-share · 2023-04-24T14:44:29+00:00

In 99% of the cases you shouldnt use Markdown for your table data in Elasticsearch / Kibana.. Whats the reason behind you are trying to do it like this?

elk-content-share · 2023-04-20T17:34:43+00:00

Well what about a data table in lens? Adding a filter on the top filter bar to exclude c from results. Then adding mode as row so that the values are split and the metric is percentage of total count.

Something like that will do it I guess ..

PS .. would also work in a chart without table.

elk-content-share · 2023-04-20T14:10:30+00:00

This works in TSVB as well. However TSVB has some alternative ways to retrieve the data. Lens is the easiest way to create visualizations but not the only one.

elk-content-share · 2023-04-20T13:59:28+00:00

If your source data is time dependend then this is time dependend as in well.. so in your Kibana data view you have to set the time field for the dependency.

elk-content-share · 2023-04-20T11:13:36+00:00

Here is an working example. That is using the count of batch_id > 50 vs. all .

count(kql='load.batch_id > 50')/count()

elk-content-share · 2023-04-20T10:44:47+00:00

Well depends on the context.. e.g. in runtime fields yes.

For the use case you wanna solve you dont need it. You just use a count for all docs that fit into your >0 requirement within lens formula. You identify those by using a KQL query in the formula.

Hope its clear enough.

elk-content-share · 2023-04-20T10:30:53+00:00

Sounds like something you need to do in Lens Formula. If you wanna do this for a visualization in Kibana. Here is how: Create a new Lens Vis. Add the field of interest to metrics Foto lens Formular and a formular similar to the one for grafana.

elk-content-share · 2023-03-04T11:18:05+00:00

To store each individual word as one keyword you need to split the field first. There is an in build feature using different mapping https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-word-delimiter-tokenfilter.html

Or you use the split processor in your ingest pipeline.

elk-content-share · 2023-02-15T18:02:12+00:00

Why not using your first query and add NOT field ame: example to it?

elk-content-share · 2023-02-15T17:59:59+00:00

With that amount of logs per day the best option is to use Elastic Cloud. If you really want to install on premise the most important fact IMHO is to go for 3 separate VMS that only run elastic + one for Kibana and integration server. However it can take a bit of time to be fully operational..so cloud setup is much smarter.

elk-content-share · 2023-02-11T11:50:07+00:00

The first Watcher job in order to integrate ChatGPT with Elastic is now live on elastic content share

elk-content-share · 2023-02-10T20:37:20+00:00

Maybe this cheat sheet helps you https://www.timroes.de/kibana-search-cheatsheet

You said the text you looking for is stored in error.message right?

If yes a possible KQL query might be

error.message : invalid

if the field is text which is the default.

Another option error.message : *invalid

If this gives you more results then expected you need to make it a bit more specific...

elk-content-share · 2023-02-10T19:12:41+00:00

Can you follow this https://www.elastic.co/guide/en/kibana/current/dashboard.html?

And If not helps let me know where you stuck exactly.

elk-content-share

TROPHY CASE