Vaclav: This works fine for me. Can you please verify that the field names match correctly. In your example below, the document has a field "tag" but your marker query is using deploy."tags". Just double check to see that everything matches. Also if it still doesn't work, try just using "tag" in the marker query, like for example tag:marks. Other than that I see there is a range filter on your timestamp field so double check to make sure it is actually matching documents in that range that have values for tag.
On Thursday, February 6, 2014 2:15:30 AM UTC-5, Vaclav Adamec wrote: > > Hi, > I would like to humbly ask for some example how to use markers in Kibana3 > histograms as I unable to get it run. What I unsuccessfully tried is > bellow, definitely I miss something. Thanks > > curl -XPUT 'http://localhost:9200/ossec-logstash-2014.02.05/deploy/1' -d > '{ > "timestamp" : "2014-02-05T12:00:00", > "message" : "Security scans", > "tag" : "marks" > }' > > via head plugin query search I can get it: > > > {"query":{"bool":{"must":[{"term":{"deploy.tags":"marks"}}],"must_not":[],"should":[]}},"from":0,"size":50,"sort":[],"facets":{}} > > _index > _type > _id > ▼ > _score > timestamp > message > tags > > ossec-logstash-2014.02.05 > deploy > 1 > 12.396167 > 2014-02-04T 12:00:00 > Security scans > marks > > > > > > > > > > > > > > > but in Kibana I don't see any marks (even If I tried to query just > deploy.tags I have empty result in Kibana), in histogram query: > > "size": 10, > "query": { > "filtered": { > "query": { > "query_string": { > "query": "deploy.tags:\"marks\"" > } > }, > "filter": { > "bool": { > "must": [ > { > "range": { > "@timestamp": { > "from": 1391497422132, > "to": "now" > } > } > } > ] > } > } > } > }, > "sort": [ > { > "@timestamp": { > "order": "desc" > } > }, > > Marker setup in histogram: > > Markeer query: deploy.tags:"marks" > Tooltip field: @message > Sort: @timestamp > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/799fc859-e55e-4fdf-8800-d3467e5790d3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
