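Sorting by keyword in Kibana Discover

Time: 2017-11-10 18:23:07

Tags: elasticsearch kibana

How do I sort data by a string value in Kibana Discovery (version 5.6.3)? I want to sort the rows by the field epoch.keyword, asc. The screenshot below depicts the Kibana view: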

enter image description here

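I have been trying to get this to work for a while, and I have concluded that it cannot be achieved with the Add a filter + feature either, nor have I found an explanation on the Elastic forums. The Elasticsearch documentation says this about the keyword data type: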

  

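They are typically used for filtering (finding all blog posts whose status is published), sorting, and aggregations. Keyword fields are only searchable by their exact value.

... so I assume it is achievable - I have managed to get a working query that returns the entries correctly sorted (showing only the relevant output, for brevity):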

curl -X GET 'http://<someurl>:<someport>/<someindex>/_search' --user <somecredentials> -d '{"query":{ "match_all": {} }, "sort":[{"epoch.keyword":{"order":"asc"}}]}' | python -m json.tool | grep epoch
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  7569  100  7500  100    69  48622    447 --:--:-- --:--:-- --:--:-- 48701
                    "epoch": "1510238524.255196",
                    "epoch": "1510238524.2578862",
                    "epoch": "1510238524.2595582",
                    "epoch": "1510238526.231628",
                    "epoch": "1510238526.2461028",
                    "epoch": "1510238526.2461133",
                    "epoch": "1510238526.2502348",
                    "epoch": "1510238526.2502463",
                    "epoch": "1510238526.2802055",
                    "epoch": "1510238526.2821074",

Index mapping:

{
    "<index-name>": {
        "mappings": {
            "doc": {
                "properties": {
                    "@timestamp": {
                        "type": "date"
                    },
                    "@version": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "beat": {
                        "properties": {
                            "hostname": {
                                "fields": {
                                    "keyword": {
                                        "ignore_above": 256,
                                        "type": "keyword"
                                    }
                                },
                                "type": "text"
                            },
                            "name": {
                                "fields": {
                                    "keyword": {
                                        "ignore_above": 256,
                                        "type": "keyword"
                                    }
                                },
                                "type": "text"
                            },
                            "version": {
                                "fields": {
                                    "keyword": {
                                        "ignore_above": 256,
                                        "type": "keyword"
                                    }
                                },
                                "type": "text"
                            }
                        }
                    },
                    "container_id": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "container_name": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "epoch": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "fields": {
                        "properties": {
                            "logType": {
                                "fields": {
                                    "keyword": {
                                        "ignore_above": 256,
                                        "type": "keyword"
                                    }
                                },
                                "type": "text"
                            }
                        }
                    },
                    "host": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "message": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "namespace": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "offset": {
                        "type": "long"
                    },
                    "pod_name": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    },
                    "tags": {
                        "fields": {
                            "keyword": {
                                "ignore_above": 256,
                                "type": "keyword"
                            }
                        },
                        "type": "text"
                    }
                }
            }
        }
    }
}

How can I visualize the same query in Kibana Discovery?

0 answers:

No answers
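An added example, not part of the original question: a small Python model of what an ascending sort on epoch.keyword does with the mapping shown above, where the value is stored as a string with ignore_above set to 256. It compares term-byte order with numeric order for the ten values in the question and for a constructed sample; the function names are hypothetical, and the model assumes values longer than ignore_above are left out of the keyword sub-field and therefore sort last.

```python
from decimal import Decimal

# The ten values returned by the query in the question, in the order shown.
PAGE_EPOCHS = [
    "1510238524.255196", "1510238524.2578862", "1510238524.2595582",
    "1510238526.231628", "1510238526.2461028", "1510238526.2461133",
    "1510238526.2502348", "1510238526.2502463", "1510238526.2802055",
    "1510238526.2821074",
]

# Constructed sample: one timestamp whose integer part has fewer digits.
MIXED_EPOCHS = ["1510238524.255196", "999999999.5", "1510238526.2"]


def keyword_sort(values, ignore_above=256):
    """Model an ascending keyword sort (hypothetical helper).

    Indexed terms are compared by their UTF-8 bytes. Strings longer than
    ignore_above are not indexed in the keyword sub-field, so those
    documents have no sort value and are placed last, in input order.
    """
    indexed = [v for v in values if len(v) <= ignore_above]
    skipped = [v for v in values if len(v) > ignore_above]
    return sorted(indexed, key=lambda v: v.encode("utf-8")) + skipped


def numeric_sort(values):
    """Order the same strings by the number they represent."""
    return sorted(values, key=Decimal)


def divergences(values):
    """Positions where keyword order and numeric order disagree."""
    pairs = zip(keyword_sort(values), numeric_sort(values))
    return [(i, k, n) for i, (k, n) in enumerate(pairs) if k != n]


if __name__ == "__main__":
    for name, sample in (("page", PAGE_EPOCHS), ("mixed", MIXED_EPOCHS)):
        print(name, divergences(sample) or "keyword order == numeric order")
```

For the values in the question the two orders agree, because every integer part has the same number of digits; the constructed sample shows the orders diverging once that stops being true.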