Using the above template variable with Regex I can extract file extensions to show things like “.png” or “.jpg”. However I can’t seem to figure out how to then use those later in a panel, to only graph documents which matched the regex with the selected extensions. Or even to group by those extensions. Is this possible?
I can sometimes filter within a Lucene Query for a panel via @request_path:*+$extensions but this sometimes seems to match other documents as well (it doesn’t seem to care about capitalization or whether it is preceded by the period or not). And is there a way to graph them separately as different series?
Thanks for your help
Did you figure this out? Maybe you have to escape the dot in “.png” or “.jpg” with backslash: \
Thanks, but unfortunately not. I’m confident the regex was extracting the extensions properly (and with a large enough size for the query it was catching most of them), but then using that regex capture in the wildcard Lucene query wasn’t working. I probably don’t understand Lucene syntax well enough, and it’s possible that such regex-type matching can’t be done with Lucene’s wildcards. In any event it seemed like I was trying to put two things together that were never meant to pipeline like that.
I ended up settling for the much more robust Elasticsearch regex filtering implemented in the ad-hoc filter. Unfortunately this means the user of the dashboard must know ahead of time which extensions they’d like to include (or exclude) and they must understand ES’s regex, but it does work for general data source filtering.
The real thing that would be nice to do but I cannot is to graph the different extensions as series. The only way I can currently think of doing that would be to preprocess the data before putting it in the database to have an extra field for extension.
Not sure if I’ll use this, but if any future people are also new to ES/Grafana/Lucene and are trying to figure out how to do regex within a query if you do @field:*ext it’ll use the wildcard approach. To do regex you should do @field:/.*regex/
3 Likes
