Wildcard in metric field when using Elasticsearch

pyttei · August 3, 2022, 8:27am

I would need to sum a fields matching a certain pattern together, but apparently it is not possible to use wildcard in metric sum field? Are there other ways to do this?

For example I would want to sum:

failure.testFailed: 1
failure.failedToReserveEnv: 3

sum failure.* = 4

What Grafana version and what operating system are you using?
8.3.4
What is your datasource?
Elasticsearch
What happened?
Nothing is being returned so Grafana doesn’t expect wildcard.
What did you expect to happen?
Wildcard being possible and Grafana summing the fields.

usman.ahmad · August 3, 2022, 9:40am

Hi @pyttei ,

Thanks for opening this post.

Please review the submission template and include more details:

What Grafana version and what operating system are you using?
What is your datasource?
What are you trying to achieve?
How are you trying to achieve it?
What happened?
What did you expect to happen?
Can you copy/paste the configuration(s) that you are having problems with?
Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
Did you follow any online instructions? If so, what is the URL?

pyttei · August 3, 2022, 9:55am

Added more info to the original post

pyttei · August 5, 2022, 6:51am

Still looking for answer

pyttei · August 8, 2022, 6:33am

Still looking for answer #2

usman.ahmad · August 9, 2022, 8:49am

I think this might be doable via Transform.

You will need to use the right one so that you can get the desired results.

Have you already tried Transform?

pyttei · August 9, 2022, 8:59am

Yes I have tried all kinds of transformations but I have yet to find how to use them in my situation. Also it seems to be not possible to use variables in transformations, so it would not be useful in my situation as I would need variable with the wildcard.

For example:
failure.${var}*

usman.ahmad · August 9, 2022, 9:28am

Thanks.

Well I have not much experience with Elasticsearch data source but I still dig around and found some similar posts which might help you e.g.

1 -Regular Expression in Query

2- Grafana Regex Query

3- How does wildcard works?

4- Use Wildcard in Constant Variable

Also, a couple of links to the documentation as it states that it uses the lucerne query and wildcard or regex is possible;

and

It might give you some more information or otherwise, community members will try to help you once you update your post after trying out the above.

jlau · August 9, 2022, 11:12am

Hi pyttei,

I use a bucket script to sum over several fields.
Use a sum-metirc for each field, and than you can use a bucketscript to add all fields.
This approach only is usable for a distinct number of fields.

pyttei · August 9, 2022, 11:37am

Hi @jlau
Thanks for the suggestion, however this is not usable in my situation, since I will not know precisely what the field names will be, this is why I need wildcard.

pyttei · August 9, 2022, 11:41am

Hi @usman.ahmad

Thanks for your suggestions. However, unfortunately these do not help in my situation.

bob454522 · August 3, 2023, 8:16pm

Im pretty sure im in the same boat as this poster, It’s no doubt due to my lack of proficiency in ES,

However in this image below I’m just trying to get a wild card to match any 192.168.1.*

I can get client.ip:* to match all, but no matter what I try cant get a wild card to work.

any ideas?

works:

does not work (just a few examples, to show what im trying to get, as ive tried 50+ different variations of this based on reading docs and google searches):