Kibana 6 merging 2 filters The Next CEO of Stack OverflowFiltering in Elastic Search?Group by entire field value in Tire/ElasticSearchTimestamp difference in ElasticsearchElastic Search Date Histogram is not working for 24 hour FormatHow to write Elasticsearch multiple must scripts query?Filter results based on matched queryRight way access parent field in Elasticsearch nested aggs scriptIssue in updating elastic search fieldQuery Vs Filter in Elastic SearchKibana Scripted Painless Field filebeat IIS logs message returning null with values there
Reference request: Grassmannian and Plucker coordinates in type B, C, D
What day is it again?
TikZ: How to fill area with a special pattern?
Is dried pee considered dirt?
(How) Could a medieval fantasy world survive a magic-induced "nuclear winter"?
Is it professional to write unrelated content in an almost-empty email?
Graph of the history of databases
Film where the government was corrupt with aliens, people sent to kill aliens are given rigged visors not showing the right aliens
Towers in the ocean; How deep can they be built?
Is it ever safe to open a suspicious HTML file (e.g. email attachment)?
Can you teleport closer to a creature you are Frightened of?
Pulling the principal components out of a DimensionReducerFunction?
Is it convenient to ask the journal's editor for two additional days to complete a review?
How to find image of a complex function with given constraints?
IC has pull-down resistors on SMBus lines?
Do scriptures give a method to recognize a truly self-realized person/jivanmukta?
Where do students learn to solve polynomial equations these days?
What is the process for cleansing a very negative action
What steps are necessary to read a Modern SSD in Medieval Europe?
Aggressive Under-Indexing and no data for missing index
Does Germany produce more waste than the US?
What does "shotgun unity" refer to here in this sentence?
Why did early computer designers eschew integers?
What was Carter Burke's job for "the company" in Aliens?
Kibana 6 merging 2 filters
The Next CEO of Stack OverflowFiltering in Elastic Search?Group by entire field value in Tire/ElasticSearchTimestamp difference in ElasticsearchElastic Search Date Histogram is not working for 24 hour FormatHow to write Elasticsearch multiple must scripts query?Filter results based on matched queryRight way access parent field in Elasticsearch nested aggs scriptIssue in updating elastic search fieldQuery Vs Filter in Elastic SearchKibana Scripted Painless Field filebeat IIS logs message returning null with values there
I have 2 filters that work well :
1. Matches to the phrase "NA"
"query":
"match":
"region.keyword":
"query": "NA",
"type": "phrase"
2.Uses a scripted field that pulls filters to show all hours not between 0-7:
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
I would like to group this into one filter so its "NA hours not between 0-7" this way I can change the region and the times and still apply additional filters.
Also not sure how to add this kinda custom filter as adding a filter only allows me to put in 1 field
elasticsearch kibana kibana-6
asked Mar 7 at 18:19
chowpaychowpay
420617
add a comment |
I have 2 filters that work well :
1. Matches to the phrase "NA"
"query":
"match":
"region.keyword":
"query": "NA",
"type": "phrase"
2.Uses a scripted field that pulls filters to show all hours not between 0-7:
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
I would like to group this into one filter so its "NA hours not between 0-7" this way I can change the region and the times and still apply additional filters.
Also not sure how to add this kinda custom filter as adding a filter only allows me to put in 1 field
elasticsearch kibana kibana-6
asked Mar 7 at 18:19
chowpaychowpay
420617
add a comment |
I have 2 filters that work well :
1. Matches to the phrase "NA"
"query":
"match":
"region.keyword":
"query": "NA",
"type": "phrase"
2.Uses a scripted field that pulls filters to show all hours not between 0-7:
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
I would like to group this into one filter so its "NA hours not between 0-7" this way I can change the region and the times and still apply additional filters.
Also not sure how to add this kinda custom filter as adding a filter only allows me to put in 1 field
elasticsearch kibana kibana-6
asked Mar 7 at 18:19
chowpaychowpay
420617
I have 2 filters that work well :
1. Matches to the phrase "NA"
"query":
"match":
"region.keyword":
"query": "NA",
"type": "phrase"
2.Uses a scripted field that pulls filters to show all hours not between 0-7:
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
I would like to group this into one filter so its "NA hours not between 0-7" this way I can change the region and the times and still apply additional filters.
Also not sure how to add this kinda custom filter as adding a filter only allows me to put in 1 field
elasticsearch kibana kibana-6
elasticsearch kibana kibana-6
asked Mar 7 at 18:19
chowpaychowpay
420617
asked Mar 7 at 18:19
chowpaychowpay
420617
asked Mar 7 at 18:19
chowpaychowpay
420617
asked Mar 7 at 18:19
chowpaychowpay
420617
asked Mar 7 at 18:19
chowpaychowpay
420617
420617
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Before you make use of visualizers and discover, make sure that you create index pattern under Management -> Index Pattern -> Create index pattern` and add the name of the index on which you'll be applying filters.
Now, combining the queries you've added in the question, the combined query would be something like below:
"query":
"bool":
"must": [
"region.keyword":
"query": "NA",
"type": "phrase"
,
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
]
Discover Section
In Discover section of Kibana, select the index name in index pattern section(refer to the link for the image) and then click on Add a filter, there in the right side you would see an option Edit Query DSL.
Copy and paste the above query. You should be able to see the results in Document Table i.e. the document details under the graph.
Visualizer
Well you have not mentioned in the question if this is related to a particular visualizer(or discover tab), however just like the way we've added filter in discover section, you can do so in the visualizers as well (say for e.g. in Metric Visualizer where you'll see Edit Query DSL section under Add a filter)
Let me know if this helps!
answered Mar 8 at 13:04
KamalKamal
2,46211022
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used itsfield.keywordand it works fine at my end. Including with script. Could you try to isolate the issue using basicmatchwithrange.keywordas well as with other fields and see if that works in theEdit Query DSL. Also remove"type": "phrase"in the first query you have. Check if at first both queries returns response via Kibana and then merge them.
– Kamal
Mar 9 at 9:16
add a comment |
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55050406%2fkibana-6-merging-2-filters%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Before you make use of visualizers and discover, make sure that you create index pattern under Management -> Index Pattern -> Create index pattern` and add the name of the index on which you'll be applying filters.
Now, combining the queries you've added in the question, the combined query would be something like below:
"query":
"bool":
"must": [
"region.keyword":
"query": "NA",
"type": "phrase"
,
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
]
Discover Section
In Discover section of Kibana, select the index name in index pattern section(refer to the link for the image) and then click on Add a filter, there in the right side you would see an option Edit Query DSL.
Copy and paste the above query. You should be able to see the results in Document Table i.e. the document details under the graph.
Visualizer
Well you have not mentioned in the question if this is related to a particular visualizer(or discover tab), however just like the way we've added filter in discover section, you can do so in the visualizers as well (say for e.g. in Metric Visualizer where you'll see Edit Query DSL section under Add a filter)
Let me know if this helps!
answered Mar 8 at 13:04
KamalKamal
2,46211022
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used itsfield.keywordand it works fine at my end. Including with script. Could you try to isolate the issue using basicmatchwithrange.keywordas well as with other fields and see if that works in theEdit Query DSL. Also remove"type": "phrase"in the first query you have. Check if at first both queries returns response via Kibana and then merge them.
– Kamal
Mar 9 at 9:16
add a comment |
Before you make use of visualizers and discover, make sure that you create index pattern under Management -> Index Pattern -> Create index pattern` and add the name of the index on which you'll be applying filters.
Now, combining the queries you've added in the question, the combined query would be something like below:
"query":
"bool":
"must": [
"region.keyword":
"query": "NA",
"type": "phrase"
,
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
]
Discover Section
In Discover section of Kibana, select the index name in index pattern section(refer to the link for the image) and then click on Add a filter, there in the right side you would see an option Edit Query DSL.
Copy and paste the above query. You should be able to see the results in Document Table i.e. the document details under the graph.
Visualizer
Well you have not mentioned in the question if this is related to a particular visualizer(or discover tab), however just like the way we've added filter in discover section, you can do so in the visualizers as well (say for e.g. in Metric Visualizer where you'll see Edit Query DSL section under Add a filter)
Let me know if this helps!
answered Mar 8 at 13:04
KamalKamal
2,46211022
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used itsfield.keywordand it works fine at my end. Including with script. Could you try to isolate the issue using basicmatchwithrange.keywordas well as with other fields and see if that works in theEdit Query DSL. Also remove"type": "phrase"in the first query you have. Check if at first both queries returns response via Kibana and then merge them.
– Kamal
Mar 9 at 9:16
add a comment |
Before you make use of visualizers and discover, make sure that you create index pattern under Management -> Index Pattern -> Create index pattern` and add the name of the index on which you'll be applying filters.
Now, combining the queries you've added in the question, the combined query would be something like below:
"query":
"bool":
"must": [
"region.keyword":
"query": "NA",
"type": "phrase"
,
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
]
Discover Section
In Discover section of Kibana, select the index name in index pattern section(refer to the link for the image) and then click on Add a filter, there in the right side you would see an option Edit Query DSL.
Copy and paste the above query. You should be able to see the results in Document Table i.e. the document details under the graph.
Visualizer
Well you have not mentioned in the question if this is related to a particular visualizer(or discover tab), however just like the way we've added filter in discover section, you can do so in the visualizers as well (say for e.g. in Metric Visualizer where you'll see Edit Query DSL section under Add a filter)
Let me know if this helps!
answered Mar 8 at 13:04
KamalKamal
2,46211022
Before you make use of visualizers and discover, make sure that you create index pattern under Management -> Index Pattern -> Create index pattern` and add the name of the index on which you'll be applying filters.
Now, combining the queries you've added in the question, the combined query would be something like below:
"query":
"bool":
"must": [
"region.keyword":
"query": "NA",
"type": "phrase"
,
"script":
"script":
"inline": "boolean gte(Supplier s, def v) return s.get() >= v boolean lt(Supplier s, def v) return s.get() < vgte(() -> doc['@timestamp'].date.hourOfDay , params.gte) && lt(() -> doc['@timestamp'].date.hourOfDay , params.lt)",
"params":
"gte": 0,
"lt": 7,
"value": ">=0 <7"
,
"lang": "painless"
]
Discover Section
In Discover section of Kibana, select the index name in index pattern section(refer to the link for the image) and then click on Add a filter, there in the right side you would see an option Edit Query DSL.
Copy and paste the above query. You should be able to see the results in Document Table i.e. the document details under the graph.
Visualizer
Well you have not mentioned in the question if this is related to a particular visualizer(or discover tab), however just like the way we've added filter in discover section, you can do so in the visualizers as well (say for e.g. in Metric Visualizer where you'll see Edit Query DSL section under Add a filter)
Let me know if this helps!
answered Mar 8 at 13:04
KamalKamal
2,46211022
answered Mar 8 at 13:04
KamalKamal
2,46211022
answered Mar 8 at 13:04
KamalKamal
2,46211022
answered Mar 8 at 13:04
KamalKamal
2,46211022
2,46211022
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used itsfield.keywordand it works fine at my end. Including with script. Could you try to isolate the issue using basicmatchwithrange.keywordas well as with other fields and see if that works in theEdit Query DSL. Also remove"type": "phrase"in the first query you have. Check if at first both queries returns response via Kibana and then merge them.
– Kamal
Mar 9 at 9:16
add a comment |
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used itsfield.keywordand it works fine at my end. Including with script. Could you try to isolate the issue using basicmatchwithrange.keywordas well as with other fields and see if that works in theEdit Query DSL. Also remove"type": "phrase"in the first query you have. Check if at first both queries returns response via Kibana and then merge them.
– Kamal
Mar 9 at 9:16
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
This is pretty helpful though I got this error ` [parsing_exception] no [query] registered for [region.keyword], with line=1 & col=646 ` which is strange because it works fine when the script isnt joined. I finds the region.keyword just fine.
– chowpay
Mar 9 at 0:23
@chowpay, I've tried using a sample mapping and used its
field.keyword and it works fine at my end. Including with script. Could you try to isolate the issue using basic match with range.keyword as well as with other fields and see if that works in the Edit Query DSL. Also remove "type": "phrase" in the first query you have. Check if at first both queries returns response via Kibana and then merge them.– Kamal
Mar 9 at 9:16
@chowpay, I've tried using a sample mapping and used its
field.keyword and it works fine at my end. Including with script. Could you try to isolate the issue using basic match with range.keyword as well as with other fields and see if that works in the Edit Query DSL. Also remove "type": "phrase" in the first query you have. Check if at first both queries returns response via Kibana and then merge them.– Kamal
Mar 9 at 9:16
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55050406%2fkibana-6-merging-2-filters%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
