Elasticsearch data source how to limit fields

chowpay · May 27, 2024, 9:13pm

What Grafana version and what operating system are you using?
Grafana v10.4.2
What are you trying to achieve?
Currently connected to elasticsearch data source. I want to create a table by using the logs but I want to limit the columns shown.
How are you trying to achieve it?
I tried 2 approahes:

Transfrom data (for tables). >> Organize fields by name >>Hide each of the fields except for the ones I want to display
Override, using regex: ^(?!@source_timestamp$|event_severity$|label$).+$ This kinda works so it hides everything except for the values in the parenthesis
Lucene: _fields: ["@source_timestamp","event_severity", "label"]

What happened?

works visually, extremely tedious if there are a lot of fields. If the field list grows it wont hide it
works visually, but im guessing its querying the whole table and filtering out. would rather only query for what I need
does not work but I would like to use this because it doesn’t query the whole table just to get the 3 fields I need

What did you expect to happen?
I expected only 3 fields to appear when using Lucene but I simply cannot get lucene to work properly

jangaraj · May 27, 2024, 11:40pm

I would try to select is as metric - count with grouping for all selected fields, which needs to be in the result + count column will be hidden in the final table. E.g.:

Of course there are edge cases where it may miss some logs, but you should know if it may happen with your data,

chowpay · May 28, 2024, 4:58pm

I’m using the log type because I don’t need to aggregate the fields just need to display it. Is it not possible to limit the query via lucene? Or am I thinking of this in correctly. Very new to Grafana. I could use count but then its aggregating

jangaraj · May 28, 2024, 5:19pm

If you think “I must to use log query”, then no. I gave you idea out of box, so your choice - stick with your “must” or try something what someone recommend you to explore.

chowpay · May 28, 2024, 11:06pm

Hi, I think your idea is great so don’t take any offense by it. I guess I need to preface this by saying I’m trying to learn more on how I can use Lucene to do queries for elastic and why the current lucene command doesnt work.

yosiasz · May 29, 2024, 12:20am

maybe try infinity datasource plugin instead by calling url:9200

chowpay · June 1, 2024, 5:49pm

oh this is cool just reading about it now. Ok maybe this will work thanks!

Topic		Replies	Views
Lucene query filter for elasticsearch data source field and set up alert on grafana Elasticsearch api , alerting	0	1687	December 5, 2022
Multiple table colums Table Panel	10	23509	December 9, 2019
Grafana/Elasticsearch field equals X value query Elasticsearch	4	6238	June 9, 2020
Is it possible to query logs using the Lucene query in the OpenSearch datasource? Grafana plugins , elasticsearch , datasource	2	1350	October 19, 2023
How To get a column per field count Elasticsearch	1	998	August 1, 2018

Elasticsearch data source how to limit fields

Related topics