Hi everyone! We installed Graylog a couple of months ago, and since we need to improve the dashboards we decided to try Grafana.
I installed it and connected the Elasticsearch database of Graylog to it. I see some information and I can list the fields, so that’s working fine.
The issue is that I don’t know how I can filter by a single field. In Graylog every message (an object inside an index in Elasticsearch, as far as I know) comes with a “source” field, and I can look for messages only from that source (a specific server) by writing source:SERVER_NAME, but it doesn’t work in Grafana for some reason.
In the Explore option of Grafana, both in metrics and logs, I can filter the objects by writing source:SERVER_NAME in the Lucene query field and then messing with the metrics and grouping. I even see the changes in the amount of returned values by adding and removing source:SERVER_NAME in the Lucene query field.
But when I go to the dashboard, it is bringing me all the messages.
Just to make a test I created this query:
Query: source:SERVER_NAME
Metric: Count
Group by: Terms - Source, top 10, order by term value
The resulting table brings me the count of every object, and I see several servers in the source column, some of them with values.
Do you know what I am doing wrong?
Here is the info on my system:
OS: CentOS 7
Grafana: v7.0.0
Graylog: v3.2.1
Elasticsearch: v6.8.6
I appreciate any help you can provide. I managed to do everything else by looking on Google, but I can’t find an answer to this.
I haven’t had time to test the theory yet, but I think (in 7.0) the groupby term doesn’t take the query itself into account, which results in groups without data also being visible.
You can toggle these empty values with the switches in the “Legend” panel of the plug-in.
A similar item was posted here: Grafana 7.0 Query Result different with Kibana result in Lucene query format
Although it shows the items, data for the items is filtered out.
I am not seeing the option that you mention. I am using the Table visualization first to get an idea of what data is being selected, but I am not seeing the option. I even took a look at the screenshot that you attached in the post, but I still can’t find it.
Also, from what you are telling me and according to my test, it seems that there is in fact a bug in this new version with the queries.
Does anyone else have any idea about this issue?