How to make one discover table link to another discover table in Dashboard or elsewhere?











up vote
0
down vote

favorite












I'm using elasticsearch + kibana + logstash + filebeat latest 6.4.1 to collect and analyze web logs. The columns of my log are like:



timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



I have configured ELK to show my logs in Kibana. But now I want to see my logs in sessions. I hope the log lines can be grouped by session and shown in Kibana's Discover page. In my scenario, the log lines with the same (host, client_ip) belong to the same session.



I hope to have this:






  1. Session table



    name, client_ip, host



    session1, www.google.com, 1.2.3.4



    session2, www.bing.com, 5.6.7.8



    session3, www.google.com, 4.3.2.1





When I click one of the above session (e.g., session1), I can see all the records of that session in the following 2nd table:






  1. Log table



    timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



    20181105, 21:33:17.773, POST, /index.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:18.773, POST, /abc.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:19.773, POST, /index.html, 404, www.google.com, chrome 59, 1.2.3.4, 5678





I know Elasticsearch does flat indexing, it's not easy to have hierarchy between documents. I'm OK to create separated indices for the above two tables. I know Dashboard can show two Discover tables at the same time. But my question is:



How to link these two tables? When I click one item in the Session table, the Log table will show corresponding contents?



Or is there any other way to fulfill my requirement (view session-based logs easily in Kibana)? Thanks.




UPDATE



The index for Log table contains the session field, which can be session1, session2, etc. Both indices are under my control. So I can add any field if needed.






elasticsearch kibana kibana-6







share|improve this question
























  • Does the log table/index also have a field containing the session name, i.e. session1?
    – Val
    Nov 8 at 4:48












  • @Val yes, the index is under my control. I can add any field if needed.
    – Yang Luo
    Nov 8 at 4:53















up vote
0
down vote

favorite












I'm using elasticsearch + kibana + logstash + filebeat latest 6.4.1 to collect and analyze web logs. The columns of my log are like:



timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



I have configured ELK to show my logs in Kibana. But now I want to see my logs in sessions. I hope the log lines can be grouped by session and shown in Kibana's Discover page. In my scenario, the log lines with the same (host, client_ip) belong to the same session.



I hope to have this:






  1. Session table



    name, client_ip, host



    session1, www.google.com, 1.2.3.4



    session2, www.bing.com, 5.6.7.8



    session3, www.google.com, 4.3.2.1





When I click one of the above session (e.g., session1), I can see all the records of that session in the following 2nd table:






  1. Log table



    timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



    20181105, 21:33:17.773, POST, /index.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:18.773, POST, /abc.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:19.773, POST, /index.html, 404, www.google.com, chrome 59, 1.2.3.4, 5678





I know Elasticsearch does flat indexing, it's not easy to have hierarchy between documents. I'm OK to create separated indices for the above two tables. I know Dashboard can show two Discover tables at the same time. But my question is:



How to link these two tables? When I click one item in the Session table, the Log table will show corresponding contents?



Or is there any other way to fulfill my requirement (view session-based logs easily in Kibana)? Thanks.




UPDATE



The index for Log table contains the session field, which can be session1, session2, etc. Both indices are under my control. So I can add any field if needed.






elasticsearch kibana kibana-6







share|improve this question
























  • Does the log table/index also have a field containing the session name, i.e. session1?
    – Val
    Nov 8 at 4:48












  • @Val yes, the index is under my control. I can add any field if needed.
    – Yang Luo
    Nov 8 at 4:53













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I'm using elasticsearch + kibana + logstash + filebeat latest 6.4.1 to collect and analyze web logs. The columns of my log are like:



timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



I have configured ELK to show my logs in Kibana. But now I want to see my logs in sessions. I hope the log lines can be grouped by session and shown in Kibana's Discover page. In my scenario, the log lines with the same (host, client_ip) belong to the same session.



I hope to have this:






  1. Session table



    name, client_ip, host



    session1, www.google.com, 1.2.3.4



    session2, www.bing.com, 5.6.7.8



    session3, www.google.com, 4.3.2.1





When I click one of the above session (e.g., session1), I can see all the records of that session in the following 2nd table:






  1. Log table



    timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



    20181105, 21:33:17.773, POST, /index.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:18.773, POST, /abc.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:19.773, POST, /index.html, 404, www.google.com, chrome 59, 1.2.3.4, 5678





I know Elasticsearch does flat indexing, it's not easy to have hierarchy between documents. I'm OK to create separated indices for the above two tables. I know Dashboard can show two Discover tables at the same time. But my question is:



How to link these two tables? When I click one item in the Session table, the Log table will show corresponding contents?



Or is there any other way to fulfill my requirement (view session-based logs easily in Kibana)? Thanks.




UPDATE



The index for Log table contains the session field, which can be session1, session2, etc. Both indices are under my control. So I can add any field if needed.






elasticsearch kibana kibana-6







share|improve this question















I'm using elasticsearch + kibana + logstash + filebeat latest 6.4.1 to collect and analyze web logs. The columns of my log are like:



timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



I have configured ELK to show my logs in Kibana. But now I want to see my logs in sessions. I hope the log lines can be grouped by session and shown in Kibana's Discover page. In my scenario, the log lines with the same (host, client_ip) belong to the same session.



I hope to have this:






  1. Session table



    name, client_ip, host



    session1, www.google.com, 1.2.3.4



    session2, www.bing.com, 5.6.7.8



    session3, www.google.com, 4.3.2.1





When I click one of the above session (e.g., session1), I can see all the records of that session in the following 2nd table:






  1. Log table



    timestamp, http_method, request_uri, http_status, host, user_agent, client_ip, client_port



    20181105, 21:33:17.773, POST, /index.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:18.773, POST, /abc.html, 200, www.google.com, chrome 59, 1.2.3.4, 1234



    20181105, 21:33:19.773, POST, /index.html, 404, www.google.com, chrome 59, 1.2.3.4, 5678





I know Elasticsearch does flat indexing, it's not easy to have hierarchy between documents. I'm OK to create separated indices for the above two tables. I know Dashboard can show two Discover tables at the same time. But my question is:



How to link these two tables? When I click one item in the Session table, the Log table will show corresponding contents?



Or is there any other way to fulfill my requirement (view session-based logs easily in Kibana)? Thanks.




UPDATE



The index for Log table contains the session field, which can be session1, session2, etc. Both indices are under my control. So I can add any field if needed.






elasticsearch kibana kibana-6




elasticsearch kibana kibana-6






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 8 at 5:38

























asked Nov 8 at 4:42









Yang Luo

8211337




8211337












  • Does the log table/index also have a field containing the session name, i.e. session1?
    – Val
    Nov 8 at 4:48












  • @Val yes, the index is under my control. I can add any field if needed.
    – Yang Luo
    Nov 8 at 4:53


















  • Does the log table/index also have a field containing the session name, i.e. session1?
    – Val
    Nov 8 at 4:48












  • @Val yes, the index is under my control. I can add any field if needed.
    – Yang Luo
    Nov 8 at 4:53
















Does the log table/index also have a field containing the session name, i.e. session1?
– Val
Nov 8 at 4:48






Does the log table/index also have a field containing the session name, i.e. session1?
– Val
Nov 8 at 4:48














@Val yes, the index is under my control. I can add any field if needed.
– Yang Luo
Nov 8 at 4:53




@Val yes, the index is under my control. I can add any field if needed.
– Yang Luo
Nov 8 at 4:53












1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










What I would do is to add a session field in the log table containing the same session name as in the session table for each log line. That's going to be your "join key".



Then, you can create one sessions index and another logs index. Both indexes must have that session field. Then go in Kibana and can create one index-pattern for each index.



Next, go to the Discover tab and create one saved search per index pattern, you now should have a saved search named "Logs" and another one named "Sessions".



Finally, head to the Dashboard tab and add the two saved searches you created previously. On the screenshot below, you can see that when hovering over the session field you can filter by that field. If you click on (e.g.) session2, then both tables will be filtered accordingly, thus achieving what you need.



enter image description here






share|improve this answer





















  • any luck with this?
    – Val
    Nov 10 at 10:28










  • thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
    – Yang Luo
    Nov 22 at 3:28












  • Awesome, glad it helped!
    – Val
    Nov 22 at 5:16











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53201662%2fhow-to-make-one-discover-table-link-to-another-discover-table-in-dashboard-or-el%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










What I would do is to add a session field in the log table containing the same session name as in the session table for each log line. That's going to be your "join key".



Then, you can create one sessions index and another logs index. Both indexes must have that session field. Then go in Kibana and can create one index-pattern for each index.



Next, go to the Discover tab and create one saved search per index pattern, you now should have a saved search named "Logs" and another one named "Sessions".



Finally, head to the Dashboard tab and add the two saved searches you created previously. On the screenshot below, you can see that when hovering over the session field you can filter by that field. If you click on (e.g.) session2, then both tables will be filtered accordingly, thus achieving what you need.



enter image description here






share|improve this answer





















  • any luck with this?
    – Val
    Nov 10 at 10:28










  • thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
    – Yang Luo
    Nov 22 at 3:28












  • Awesome, glad it helped!
    – Val
    Nov 22 at 5:16















up vote
1
down vote



accepted










What I would do is to add a session field in the log table containing the same session name as in the session table for each log line. That's going to be your "join key".



Then, you can create one sessions index and another logs index. Both indexes must have that session field. Then go in Kibana and can create one index-pattern for each index.



Next, go to the Discover tab and create one saved search per index pattern, you now should have a saved search named "Logs" and another one named "Sessions".



Finally, head to the Dashboard tab and add the two saved searches you created previously. On the screenshot below, you can see that when hovering over the session field you can filter by that field. If you click on (e.g.) session2, then both tables will be filtered accordingly, thus achieving what you need.



enter image description here






share|improve this answer





















  • any luck with this?
    – Val
    Nov 10 at 10:28










  • thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
    – Yang Luo
    Nov 22 at 3:28












  • Awesome, glad it helped!
    – Val
    Nov 22 at 5:16













up vote
1
down vote



accepted







up vote
1
down vote



accepted






What I would do is to add a session field in the log table containing the same session name as in the session table for each log line. That's going to be your "join key".



Then, you can create one sessions index and another logs index. Both indexes must have that session field. Then go in Kibana and can create one index-pattern for each index.



Next, go to the Discover tab and create one saved search per index pattern, you now should have a saved search named "Logs" and another one named "Sessions".



Finally, head to the Dashboard tab and add the two saved searches you created previously. On the screenshot below, you can see that when hovering over the session field you can filter by that field. If you click on (e.g.) session2, then both tables will be filtered accordingly, thus achieving what you need.



enter image description here






share|improve this answer












What I would do is to add a session field in the log table containing the same session name as in the session table for each log line. That's going to be your "join key".



Then, you can create one sessions index and another logs index. Both indexes must have that session field. Then go in Kibana and can create one index-pattern for each index.



Next, go to the Discover tab and create one saved search per index pattern, you now should have a saved search named "Logs" and another one named "Sessions".



Finally, head to the Dashboard tab and add the two saved searches you created previously. On the screenshot below, you can see that when hovering over the session field you can filter by that field. If you click on (e.g.) session2, then both tables will be filtered accordingly, thus achieving what you need.



enter image description here







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 8 at 5:05









Val

99.3k6127164




99.3k6127164












  • any luck with this?
    – Val
    Nov 10 at 10:28










  • thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
    – Yang Luo
    Nov 22 at 3:28












  • Awesome, glad it helped!
    – Val
    Nov 22 at 5:16


















  • any luck with this?
    – Val
    Nov 10 at 10:28










  • thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
    – Yang Luo
    Nov 22 at 3:28












  • Awesome, glad it helped!
    – Val
    Nov 22 at 5:16
















any luck with this?
– Val
Nov 10 at 10:28




any luck with this?
– Val
Nov 10 at 10:28












thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
– Yang Luo
Nov 22 at 3:28






thank you very much! This solution exactly did what I want! This is even better than what I thought, because I can filter on other fields in the "Sessions" window instead of just session ID.
– Yang Luo
Nov 22 at 3:28














Awesome, glad it helped!
– Val
Nov 22 at 5:16




Awesome, glad it helped!
– Val
Nov 22 at 5:16


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53201662%2fhow-to-make-one-discover-table-link-to-another-discover-table-in-dashboard-or-el%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

這個網誌中的熱門文章

Tangent Lines Diagram Along Smooth Curve

圖片
7 1 I am trying to replicate a diagram and have a minimal example. I don't know how to add additional tangents between the specified points and preserve smoothness. documentclass{article} usepackage{tikz} usetikzlibrary{calc,intersections} begin{document} begin{tikzpicture} % Axes draw [->, name path=x] (-1,0) -- (11,0) node [right] {$x$}; draw [->] (0,-1) -- (0,6) node [above] {$y$}; % Origin node at (0,0) [below left] {$0$}; % Points coordinate (start) at (1,-0.8); coordinate (c1) at (3,3); coordinate (c2) at (5.5,1.5); coordinate (c3) at (8,4); coordinate (end) at (10.5,-0.8); % show the points foreach n in {start,c1,c2,c3,end} fill [black] (n) circle (2pt) node [below] {}; % join the coordinates draw [thick,name path=curve] (start) to[out=70,in=180] (c1) to[out=0,in=180]
閱讀完整內容

Yusuf al-Mu'taman ibn Hud

圖片
Main article: Taifa of Zaragoza Al-Mu'taman Ruler of Zaragoza Reign 1081–1085 Predecessor Ahmad al-Muqtadir Successor Al-Mustain II Born Zaragoza Died 1085 Full name Yusuf ibn Ahmad al-Mu'taman ibn Hūd House Banu Hud Yusuf ibn Ahmad al-Mu'taman ibn Hūd (Arabic: المؤتمن بالله يوسف إبن أحمد إبن هود ‎, al-Mutaman bi l-Lah , died c. 1085) was the third king of the Banu Hud dynasty who ruled over the Taifa of Zaragoza from 1081 to 1085. Yusuf al-Mutaman reigned during the height of power of Muslim Zaragoza , following the thriving period of his father Ahmad al-Muqtadir. He continued his father's efforts and created around him a court of intellectuals, living in the beautiful palace of Aljafería, nicknamed as "the palace of joy". Al-Mu'taman was also a scholarly king and a patron of science, philosophy and arts. As an example of a wise king, he knew astrology, philosophy, and especially mathematics, a discipline in which
閱讀完整內容

Zucchini

圖片
This article is about the vegetable. For other uses, see Zucchini (disambiguation). Zucchini (courgette) A striped and a uniform color zucchini Genus Cucurbita Species Cucurbita pepo Origin 19th century northern Italy The zucchini ( / z uː ˈ k iː n i / , American English) or courgette ( / k ʊər ˈ ʒ ɛ t / , British English) is a summer squash which can reach nearly 1 metre (100 cm; 39 in) in length, but is usually harvested when still immature at about 15 to 25 cm (6 to 10 in). [1] A zucchini is a thin-skinned cultivar of what in Britain and Ireland is referred to as a marrow. [2] [3] In South Africa, a zucchini is known as a baby marrow. Along with certain other squashes and pumpkins, the zucchini belongs to the species Cucurbita pepo . It can be dark or light green. A related hybrid, the golden zucchini, is a deep yellow or orange color. [4] In a culinary context, the zucchini is treated as a vegetable; it is usually cooked and presented as a savory dish o
閱讀完整內容