Thanks for the reply. Actually, if I copy the whole search query from the histogram
(Kibana3 - Inspect) and run it in a shell I get results,
but I am not getting anything in the graph itself -
https://gist.github.com/VAdamec/8859892 The result is:


{
  "took" : 5,
  "timed_out" : false,
  "_shards" : {
    "total" : 96,
    "successful" : 96,
    "failed" : 0
  },
  "hits" : {
    "total" : 11,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "7",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-05T16:00:00",
    "message" : "QUALYS internal linux system",
    "tags" : "marks"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "8",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-06T8:30:00",
    "message" : "QUALYS internal linux system",
    "tag" : "marks"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "S94z2ZE3QKOWFJTk4sH1dw",
      "_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "2C78qfQ8SnauY98Z-z_g5A",
      "_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "3",
      "_score" : 1.0, "_source" : {
   "message" : "QUALYS internal linux system"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "4",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-04T12:00:00",
    "message" : "QUALYS internal linux system"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "5",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-03T12:00:00",
    "message" : "QUALYS external linux system"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "OfW9bP-ySsO4Vdi5CXIrHQ",
      "_score" : 1.0, "_source" : {"query_string" : { "query":
"_type:deploy"}}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "6",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-04T12:00:00",
    "message" : "QUALYS internal linux system",
    "tags" : "marks"
}
    }, {
      "_index" : "ossec-logstash-2014.02.05",
      "_type" : "deploy",
      "_id" : "1",
      "_score" : 1.0, "_source" : {
    "timestamp" : "2014-02-05T12:00:00",
    "message" : "QUALYS internal linux system",
    "tag" : "marks"
}
    } ]
  }
}



On Thu, Feb 6, 2014 at 3:01 PM, Binh Ly <[email protected]> wrote:

> Vaclav:
>
> This works fine for me. Can you please verify that the field names match
> correctly. In your example below, the document has a field "tag" but your
> marker query is using deploy."tags". Just double check to see that
> everything matches. Also if it still doesn't work, try just using "tag" in
> the marker query, like for example tag:marks. Other than that I see there
> is a range filter on your timestamp field so double check to make sure it
> is actually matching documents in that range that have values for tag.
>
>
> On Thursday, February 6, 2014 2:15:30 AM UTC-5, Vaclav Adamec wrote:
>>
>> Hi,
>> I would like to humbly ask for an example of how to use markers in
>> Kibana3 histograms, as I am unable to get it to run. What I unsuccessfully tried
>> is below; I am definitely missing something. Thanks
>>
>> curl -XPUT 'http://localhost:9200/ossec-logstash-2014.02.05/deploy/1' -d
>> '{
>>     "timestamp" : "2014-02-05T12:00:00",
>>     "message" : "Security scans",
>>     "tag" : "marks"
>> }'
>>
>> via head plugin query search I can get it:
>>
>> {"query":{"bool":{"must":[{"term":{"deploy.tags":"marks"}}
>> ],"must_not":[],"should":[]}},"from":0,"size":50,"sort":[],"facets":{}}
>>
>> _index | _type | _id | _score | timestamp | message | tags
>> ossec-logstash-2014.02.05 | deploy | 1 | 12.396167 | 2014-02-04T 12:00:00 | Security scans | marks
>>
>> but in Kibana I don't see any marks (even if I try to query just
>> deploy.tags I get an empty result in Kibana), in the histogram query:
>>
>>   "size": 10,
>>   "query": {
>>     "filtered": {
>>       "query": {
>>         "query_string": {
>>           "query": "deploy.tags:\"marks\""
>>         }
>>       },
>>       "filter": {
>>         "bool": {
>>           "must": [
>>             {
>>               "range": {
>>                 "@timestamp": {
>>                   "from": 1391497422132,
>>                   "to": "now"
>>                 }
>>               }
>>             }
>>           ]
>>         }
>>       }
>>     }
>>   },
>>   "sort": [
>>     {
>>       "@timestamp": {
>>         "order": "desc"
>>       }
>>     },
>>
>> Marker setup in histogram:
>>
>> Marker query: deploy.tags:"marks"
>> Tooltip field: @message
>> Sort: @timestamp
>>



-- 
-- May the fox be with you ...
   /\
  (~(
   ) )         /\_/\
  (_=---_(@ @)
    (          \   /
    /|/----\|\  V
    " "     " "

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAN1zQ4anCdd4D54ybsjKgjvB5t6axh0F%3DMo1V_0FqGBX2wNUhg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
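
Binh Ly's advice to verify that the field names match can be scripted against the search response. The following is an added example, not part of the original thread: it reports, for each hit, which fields named in the marker setup are absent from `_source` and which similarly named fields exist instead. `strip_type`, `near_matches`, `audit_marker` and `markable` are hypothetical helper names, and treating a leading `deploy.` as the mapping-type prefix is an assumption.

```python
# Hits trimmed from the search response quoted in the thread (ids 1, 6, 3 and
# one stored query body); only _id, _type and _source are kept.
SAMPLE_HITS = [
    {"_id": "1", "_type": "deploy", "_source": {
        "timestamp": "2014-02-05T12:00:00",
        "message": "QUALYS internal linux system", "tag": "marks"}},
    {"_id": "6", "_type": "deploy", "_source": {
        "timestamp": "2014-02-04T12:00:00",
        "message": "QUALYS internal linux system", "tags": "marks"}},
    {"_id": "3", "_type": "deploy", "_source": {
        "message": "QUALYS internal linux system"}},
    {"_id": "S94z2ZE3QKOWFJTk4sH1dw", "_type": "deploy", "_source": {
        "query_string": {"query": 'deploy_tags:"marks"'}}},
]

# Marker setup as given in the thread.
MARKER_FIELD, TIME_FIELD, TOOLTIP_FIELD = "deploy.tags", "@timestamp", "@message"

def strip_type(field, doc_type):
    """Drop a leading '<type>.' (assumption: the prefix is the mapping type)."""
    prefix = doc_type + "."
    return field[len(prefix):] if field.startswith(prefix) else field

def near_matches(name, source):
    """Fields in source differing from name only by '@' or a trailing 's'."""
    norm = lambda s: s.lstrip("@").rstrip("s")
    return sorted(k for k in source if k != name and norm(k) == norm(name))

def audit_marker(hits, marker_field, time_field, tooltip_field):
    """Map each hit id to {role: near-match field names} for missing fields."""
    report = {}
    for hit in hits:
        src = hit["_source"]
        roles = {"marker": strip_type(marker_field, hit["_type"]),
                 "time": time_field, "tooltip": tooltip_field}
        report[hit["_id"]] = {role: near_matches(name, src)
                              for role, name in roles.items() if name not in src}
    return report

def markable(report):
    """Ids of hits that carry every field the marker setup refers to."""
    return [doc_id for doc_id, missing in report.items() if not missing]

if __name__ == "__main__":
    result = audit_marker(SAMPLE_HITS, MARKER_FIELD, TIME_FIELD, TOOLTIP_FIELD)
    for doc_id, missing in result.items():
        print(doc_id, missing or "all marker fields present")
    print("markable:", markable(result))
```
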