- What Grafana version and what operating system are you using?
  Grafana v7.5.13 (7b6cadf646)
- What are you trying to achieve?
  Show table that I have configured in Kibana in Grafana Dashboard.
- How are you trying to achieve it?
  - Select data source that my colleagues have configured.
  - From Kibana I open my saved Search, select Inspect, Request and copy that to Grafana Query field.
    a. This table reads data from Palo Alto firewall, has multiple NOT filters to reduce noise and should have three columns - Time, Threat ID and User.
  - In Grafana I can choose fields in Group By and Then By sections. I presume that this means that connection to Kibana instance works Ok, as they get populated.
  - No data message in Panel.
- What happened?
  Nothing shows up in panel.
- What did you expect to happen?
  Same table that I see in Kibana to appear in Grafana.
- Can you copy/paste the configuration(s) that you are having problems with?
Query:

```json
{
  "version": true,
  "size": 10000,
  "sort": [
    {
      "ts": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "_source": {
    "excludes": []
  },
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "ts",
        "interval": "3h",
        "time_zone": "UTC",
        "min_doc_count": 1
      }
    }
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "ts",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "ts": {
              "format": "strict_date_optional_time",
              "gte": "2024-01-05T07:53:05.504Z",
              "lte": "2024-01-12T07:53:05.504Z"
            }
          }
        }
      ],
      "filter": [
        {
          "match_all": {}
        }
      ],
      "should": [],
      "must_not": [
        {
          "match_phrase": {
            "threat_id": {
              "query": "(9999)"
            }
          }
        },
        {
          "match_phrase": {
            "severity": {
              "query": "low"
            }
          }
        },
        {
          "match_phrase": {
            "url": {
              "query": "msix.dll"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "TCP SYN with data(8723)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "SSH User Authentication Brute Force Attempt(40015)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "SMB: User Password Brute Force Attempt(40004)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "Suspicious Network Connection Probing Detection(85790)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "UDP Flood(8502)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "ICMP Flood(8503)"
            }
          }
        },
        {
          "match_phrase": {
            "url": {
              "query": "b.c2r.ts.cdn.office.net/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6/Office/Data/16.0.16529.20226/i640.c2rx"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "HTTP: User Authentication Brute Force Attempt(40006)"
            }
          }
        },
        {
          "match_phrase": {
            "threat_id": {
              "query": "HTTP Unauthorized Brute Force Attack(40031)"
            }
          }
        }
      ]
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}
```
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
  No errors.
  When using Query inspector, this is what I see:
  I’m a bit at a loss - is this an error or is this just a regular response that indicates the connection is OK?
- Did you follow any online instructions? If so, what is the URL?
  Sorry, bits and pieces here and there.
  If this is something that has been described in one single thread, let me know.
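
An added example, not part of the original post: the Query field of Grafana's Elasticsearch data source takes a Lucene query string, with the time range coming from the dashboard time picker, so the noise filters in the request above can be carried over as `NOT field:"phrase"` terms. The function names are hypothetical and `SAMPLE` is a constructed subset of the posted request.

```python
import json

def lucene_phrase(value):
    # Inside a quoted Lucene phrase only backslash and double quote need escaping.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def clause_to_lucene(clause):
    # Translate one match_phrase clause; refuse anything else instead of guessing.
    if set(clause) != {"match_phrase"} or len(clause["match_phrase"]) != 1:
        raise ValueError("unsupported clause: " + json.dumps(clause))
    field, spec = next(iter(clause["match_phrase"].items()))
    value = spec["query"] if isinstance(spec, dict) else spec
    return f"{field}:{lucene_phrase(str(value))}"

def bool_to_lucene(request):
    # Build a Lucene query string from a Kibana-style bool query.
    bool_q = request["query"]["bool"]
    if bool_q.get("should"):
        raise ValueError("should clauses are not handled by this example")
    parts = []
    for clause in bool_q.get("must", []) + bool_q.get("filter", []):
        # The time range comes from the dashboard; match_all adds nothing.
        if "range" in clause or "match_all" in clause:
            continue
        parts.append(clause_to_lucene(clause))
    for clause in bool_q.get("must_not", []):
        parts.append("NOT " + clause_to_lucene(clause))
    return " AND ".join(parts) or "*"

# Constructed subset of the request posted above.
SAMPLE = json.loads("""
{
  "query": {"bool": {
    "must": [{"range": {"ts": {"gte": "2024-01-05T07:53:05.504Z",
                               "lte": "2024-01-12T07:53:05.504Z"}}}],
    "filter": [{"match_all": {}}],
    "should": [],
    "must_not": [
      {"match_phrase": {"threat_id": {"query": "(9999)"}}},
      {"match_phrase": {"severity": {"query": "low"}}},
      {"match_phrase": {"threat_id": {"query": "TCP SYN with data(8723)"}}}
    ]
  }}
}
""")

if __name__ == "__main__":
    print(bool_to_lucene(SAMPLE))
```

Comparing the hit count of the resulting string in Kibana (Lucene mode, same time range) with the saved search confirms that no suppression rule was lost in translation.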