Display subset of data based on string pattern on template variable dropdown in table panel

swathimuppalla · August 29, 2019, 2:20pm

Grafana Version: 6.2.5
Elastic search
I have logs data with pattern ERR,INFO,DEBUG
Example “data_ERR_notconnected”, “sys_INFO_connected”, “sys_DEBUG_network”
I am trying to create template variable for ‘marker’ with variable dropdown as ERR,INFO,DEBUG. So when ERR is clicked from dropdown only error based data is displayed in table format panel.
Screenshot%20(38)

I am using regex as /.*(ERR|INFO|SH)/ but i dont see any change in response. Any idea would be helpful? @torkel @tiagocruz @daniellee @mefraimsson

tiagocruz · August 29, 2019, 2:48pm

Hello swathimuppalla,

Here some example:

ES Query usage example:

clientInfo.customerId:$customerId

Variables:

Hope this helps you somehow!

swathimuppalla · August 29, 2019, 3:08pm

Hi @tiagocruz Thank you for your response. The custom variable you created have limited values which would work. But the data i have is huge and i have index name marker with all the data.
In Custom all value you have given a range of [0 to 50000]. How do I give a range for string like [ERROR]?

mefraimsson · September 5, 2019, 3:28pm

Not sure I understand what you need help with. Is it the query where you’re trying to use the selected template variable or is it the regex?

swathimuppalla · September 5, 2019, 3:33pm

Template variable “marker” will get the values which consists of different logs… example “data_ERR_notconnected”, “sys_INFO_connected”, “sys_DEBUG_network”. I am trying do changes in regex of variable “marker” so that “ERR” will display only error related logs and INFO will display only info related logs in panel etc…

mefraimsson · September 5, 2019, 3:40pm

Your screenshot of the variable drop down looks correct to me so I guess you’re having problems using that variable in your query. Can you show a screenshot of your query your using and possibly a dump of the query inspector output to understand where things go wrong?

mefraimsson · September 6, 2019, 4:36pm

@swathimuppalla in your query where you have an existing lucene query version.keyword:$version you probably need to filter by marker.keyword as well. For example version.keyword:$version AND marker.keyword:$marker.

swathimuppalla · September 10, 2019, 1:34pm

@mefraimsson I have tried all kind of regex such as
/.*[Err: _ERR_|Info: _INFO_|Sh: _SH_| Warn: _WARN_| Error: _ERROR_].*/ and tried using tags too. But tags query too displays all kind of markers. Any solution would be helpful for my project?

swathimuppalla · September 18, 2019, 6:02pm

It is working now, In lucene query I have specified version.keyword:$version AND marker.keyword: /.*$marker.*/ So regex expression takes the pattern from template variable