SingleStat value set by field within elk document

dolyak · February 26, 2018, 8:55pm

Hello all,
I am newer to grafana so this might be a silly question that I am just missing. I am trying to have a SingleStat panel (within grafana) display the value of a field from a ELK document. I would like to map the SingleStat value to the number found within the field “Exptime”. I can get my grafana SingleStat to display the count of documents sent but I need it to display the last documents value of “Exptime”. Is this possible?

Document from ELK: (I cleaned out hostnames and IP’s :-).
{
"_index": “health-2018.02.26”,
"_type": “health”,
"_id": “AWHThA6R6_mj73XdkMJy”,
"_version": 1,
"_score": null,
"_source": {
“severity”: “notice”,
“ldaphost”: “MYHOSTNAME”,
“programname”: “ldap-check”,
“procid”: “-”,
“message”: " LDAPCERT, STATUS=ERROR, Expire=47, ldaphost=MYHOSTNAME",
“type”: “health”,
“tags”: [
“ldapcheck”
],
“STATUS”: “ERROR”,
"@timestamp": “2018-02-26T19:08:21.000Z”,
"@version": “1”,
“host”: “MYIPADDRESS”,
“sysloghost”: “MYHOSTNAME”,
“facility”: “user”,
“Exptime”: “47”
},
“fields”: {
"@timestamp": [
1519672101000
]
},
“highlight”: {
“programname”: [
"@kibana-highlighted-field@ldap@/kibana-highlighted-field@-@kibana-highlighted-field@check@/kibana-highlighted-field@"
],
“message”: [
" @kibana-highlighted-field@LDAPCERT@/kibana-highlighted-field@, STATUS=ERROR, Expire=47, ldaphost=MYHOSTNAME"
]
},
“sort”: [
1519672101000
]
}

anon34853223 · February 27, 2018, 10:07am

Hi,

You need to use an aggregate function, like max, which will return the max of Exptime in your example per interval. Then you select the Stat=Current in options tab.

I imagine a query similar to this example would work for you: http://play.grafana.org/d/000000014/elasticsearch-metrics?orgId=1&panelId=1&fullscreen&edit

Marcus

dolyak · February 28, 2018, 3:06pm

Thank you for the reply. I went down that road this morning which lead us to this:

Add int to the grok filter to bring that value in as a integer
example: %{WORD}=%{NUMBER:Exptime:int}
Reset the index in ELK (delete index and allow it to re add its self)
In grafana singlestat set metric to Extended Stats → Exptime → Stats: Min
refresh the panel and BAM your data is there.

I was just missing the grok bring in Exptime as a integer.

Thank you for your help. Have a good day.

Topic		Replies	Views
Singlestat panel with filters aggregation Elasticsearch	0	690	February 27, 2019
Trying to Display Multiple Values in Singlestat for Elastic Search Data source Elasticsearch	0	479	August 27, 2019
How do I get a current value from a regular expression to show in SingleStat Grafana	1	685	June 4, 2018
How to pass value of some field ELK (it looks like 640 / 633) to SingleStat? Elasticsearch	0	457	December 12, 2018
Can I skip group-by for singlestat metric? Elasticsearch	3	3515	January 13, 2021

SingleStat value set by field within elk document

Related topics