Thanks for the reply. Actually, if I copy the whole search query from the histogram
(Kibana3 - Inspect) and run it in the shell I get results,
but I am not getting anything in the graph itself -
https://gist.github.com/VAdamec/8859892 result is:
{
"took" : 5,
"timed_out" : false,
"_shards" : {
"total" : 96,
"successful" : 96,
"failed" : 0
},
"hits" : {
"total" : 11,
"max_score" : 1.0,
"hits" : [ {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "7",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-05T16:00:00",
"message" : "QUALYS internal linux system",
"tags" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "8",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-06T8:30:00",
"message" : "QUALYS internal linux system",
"tag" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "S94z2ZE3QKOWFJTk4sH1dw",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "2C78qfQ8SnauY98Z-z_g5A",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"deploy_tags:\"marks\""}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "3",
"_score" : 1.0, "_source" : {
"message" : "QUALYS internal linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "4",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-04T12:00:00",
"message" : "QUALYS internal linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "5",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-03T12:00:00",
"message" : "QUALYS external linux system"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "OfW9bP-ySsO4Vdi5CXIrHQ",
"_score" : 1.0, "_source" : {"query_string" : { "query":
"_type:deploy"}}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "6",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-04T12:00:00",
"message" : "QUALYS internal linux system",
"tags" : "marks"
}
}, {
"_index" : "ossec-logstash-2014.02.05",
"_type" : "deploy",
"_id" : "1",
"_score" : 1.0, "_source" : {
"timestamp" : "2014-02-05T12:00:00",
"message" : "QUALYS internal linux system",
"tag" : "marks"
}
} ]
}
}
On Thu, Feb 6, 2014 at 3:01 PM, Binh Ly <[email protected]> wrote:
> Vaclav:
>
> This works fine for me. Can you please verify that the field names match
> correctly? In your example below, the document has a field "tag" but your
> marker query is using deploy."tags". Just double check to see that
> everything matches. Also if it still doesn't work, try just using "tag" in
> the marker query, like for example tag:marks. Other than that I see there
> is a range filter on your timestamp field so double check to make sure it
> is actually matching documents in that range that have values for tag.
>
>
> On Thursday, February 6, 2014 2:15:30 AM UTC-5, Vaclav Adamec wrote:
>>
>> Hi,
>> I would like to humbly ask for some example of how to use markers in
>> Kibana3 histograms, as I am unable to get it to run. What I unsuccessfully tried
>> is below; I am definitely missing something. Thanks
>>
>> curl -XPUT 'http://localhost:9200/ossec-logstash-2014.02.05/deploy/1' -d
>> '{
>> "timestamp" : "2014-02-05T12:00:00",
>> "message" : "Security scans",
>> "tag" : "marks"
>> }'
>>
>> via head plugin query search I can get it:
>>
>> {"query":{"bool":{"must":[{"term":{"deploy.tags":"marks"}}
>> ],"must_not":[],"should":[]}},"from":0,"size":50,"sort":[],"facets":{}}
>>
>> _index                     _type   _id  _score     timestamp             message         tags
>> ossec-logstash-2014.02.05  deploy  1    12.396167  2014-02-04T 12:00:00  Security scans  marks
>>
>> but in Kibana I don't see any marks (even If I tried to query just
>> deploy.tags I have empty result in Kibana), in histogram query:
>>
>> "size": 10,
>> "query": {
>>   "filtered": {
>>     "query": {
>>       "query_string": {
>>         "query": "deploy.tags:\"marks\""
>>       }
>>     },
>>     "filter": {
>>       "bool": {
>>         "must": [
>>           {
>>             "range": {
>>               "@timestamp": {
>>                 "from": 1391497422132,
>>                 "to": "now"
>>               }
>>             }
>>           }
>>         ]
>>       }
>>     }
>>   }
>> },
>> "sort": [
>>   {
>>     "@timestamp": {
>>       "order": "desc"
>>     }
>>   },
>>
>> Marker setup in histogram:
>>
>> Marker query: deploy.tags:"marks"
>> Tooltip field: @message
>> Sort: @timestamp
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "elasticsearch" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/elasticsearch/VD1J5g127Wc/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/799fc859-e55e-4fdf-8800-d3467e5790d3%40googlegroups.com
> .
>
> For more options, visit https://groups.google.com/groups/opt_out.
>
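Binh's checklist (field names, then the range filter) can be replayed offline against the documents shown in this thread. The script below is an added example, not code from the thread or from Kibana: it evaluates the histogram's query_string plus the @timestamp range filter against constructed copies of the _source bodies above and reports why each one would be excluded. The document with id "ok" is constructed to show the shape that does match (a "tags" field and an "@timestamp" field); it assumes the type prefix "deploy." resolves to the bare field name, as the head-plugin hit above suggests.

```python
from datetime import datetime, timezone

# Constructed sample documents modelled on the _source bodies seen in this thread;
# "ok" is constructed to show the field shape the histogram query actually needs.
DOCS = {
    "1": {"timestamp": "2014-02-05T12:00:00", "message": "QUALYS internal linux system", "tag": "marks"},
    "6": {"timestamp": "2014-02-04T12:00:00", "message": "QUALYS internal linux system", "tags": "marks"},
    "q": {"query_string": {"query": 'deploy_tags:"marks"'}},  # a query body indexed as a document by mistake
    "ok": {"@timestamp": "2014-02-05T12:00:00", "message": "Security scans", "tags": "marks"},
}

# The filtered query Kibana 3 issued: a query_string plus a range filter on @timestamp.
HISTOGRAM_QUERY = {
    "query_string": 'deploy.tags:"marks"',
    "range": {"field": "@timestamp", "from": 1391497422132, "to": "now"},
}

def parse_term(query_string):
    """One field:"value" term; a type prefix such as deploy. is assumed to resolve to the bare field."""
    field, _, value = query_string.strip().partition(":")
    return field.split(".")[-1], value.strip('"')

def to_millis(value):
    """Epoch milliseconds for an int/float, an ISO-8601 string (taken as UTC) or the literal 'now'."""
    if isinstance(value, (int, float)):
        return float(value)
    dt = datetime.now(timezone.utc) if value == "now" else datetime.fromisoformat(value).replace(tzinfo=timezone.utc)
    return dt.timestamp() * 1000

def similar(source, field):
    # field names differing from `field` only by a leading '@' or a trailing 's' (tag/tags, timestamp/@timestamp)
    return [k for k in source if k.strip("@").rstrip("s") == field.strip("@").rstrip("s")]

def explain(source, query):
    """Return the reasons this document would be excluded; an empty list means it is a hit."""
    reasons = []
    field, want = parse_term(query["query_string"])
    if field not in source:  # e.g. "tag" indexed but "tags" queried
        reasons.append(f"query_string: no field '{field}'; similar fields: {similar(source, field)}")
    elif source[field] != want:
        reasons.append(f"query_string: {field}={source[field]!r} != {want!r}")
    rf = query["range"]
    if rf["field"] not in source:  # e.g. "timestamp" indexed but "@timestamp" filtered
        reasons.append(f"range: no field '{rf['field']}'; similar fields: {similar(source, rf['field'])}")
    elif not to_millis(rf["from"]) <= to_millis(source[rf["field"]]) <= to_millis(rf["to"]):
        reasons.append(f"range: {rf['field']}={source[rf['field']]} outside the window")
    return reasons

def report(docs=DOCS, query=HISTOGRAM_QUERY):
    return {doc_id: explain(src, query) for doc_id, src in docs.items()}
```

Running report() shows that every document from the thread is dropped by the range filter because it carries "timestamp" rather than "@timestamp", and document 1 additionally fails the query_string because it has "tag" where "tags" is queried.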