Grafana 4使用Elasticsearch进行模板化5

Question

Edit: See below for the solution 编辑：请参阅下面的解决方案

Currently having an issue with the templating in Grafana - trying to get a dropdown of hostnames from some data I'm feeding in to Elasticsearch via Logstash's Graphite plugin, so I can build a dynamic template in Grafana. 目前在Grafana中存在模板问题 - 试图从我通过Logstash的Graphite插件向Elasticsearch提供的一些数据中获取主机名，因此我可以在Grafana中构建动态模板。

Versions are Grafana 4.1.2 + Elasticsearch/Logstash 5.2.1 版本是Grafana 4.1.2 + Elasticsearch / Logstash 5.2.1

The terms query in Grafana I'm trying to use is as follows as per docs on grafana website - http://docs.grafana.org/features/datasources/elasticsearch/ : 我正在尝试使用的Grafana中的术语查询如下所示，如grafana网站上的文档 - http://docs.grafana.org/features/datasources/elasticsearch/ ：

{"find": "terms", "field": "host_name"}

This works fine if the field is a numeric type field - eg I get results in the template for metric_value, but this doesn't seem to work for text/string fields. 如果字段是数字类型字段，这可以正常工作 - 例如，我在metric_value的模板中得到结果，但这似乎不适用于文本/字符串字段。 I'm wondering if this is maybe due to the way I'm constructing or ingesting the fields - You can see below how I"m trying to achieve this - note, I've tried "keyword" and "text" types for these fields, neither seem to work. 我想知道这是否可能是由于我构建或摄取字段的方式 - 您可以在下面看到我是如何尝试实现这一点的 - 请注意，我已尝试过“关键字”和“文字”类型田地，似乎都不起作用。

This is the Logstash input filter that I'm using - basically trying to split the graphite style metric into seperate fields - 这是我正在使用的Logstash输入过滤器 - 基本上是尝试将石墨样式度量分割为单独的字段 -

input {
  graphite {
    type => graphite
    port => 2003
    id => "graphite_input"
  }
}

filter {
        if [type] == "graphite" {
                grok {
                        match => [ "message", "\Aicinga2\.%{MONGO_WORDDASH:host_name:keyword}\.%{WORD:metric_type:keyword}\.%{NOTSPACE:metric_name:keyword}\.value%{SPACE}%{NUMBER:metric_value:float}%{SPACE}%{POSINT:timestamp:date}" ]
                }
        }

}

output { 
        if [type] == "graphite" {
                elasticsearch {
                        index => "graphite-%{+YYYY.MM}"
                        hosts => ["localhost"]
                }
        }

}

And an example document I'm indexing (taken from kibana) 我正在索引的示例文档（取自kibana）

{
  "_index": "graphite-2017.02",
  "_type": "graphite",
  "_id": "XYZdflksdf",
  "_score": null,
  "_source": {
    "@timestamp": "2017-02-21T00:17:16.000Z",
    "metric_name": "interface-eth0.snmp-interface.perfdata.eth0_in_discard",
    "port": 37694,
    "icinga2.XXXYYY.services.interface-eth0.snmp-interface.perfdata.eth0_in_discard.value": 357237,
    "@version": "1",
    "host": "192.168.1.1",
    "metric_type": "services",
    "metric_value": 357237,
    "message": "icinga2.XXXYYY.services.interface-eth0.snmp-interface.perfdata.eth0_in_discard.value 357237 1487636236",
    "type": "graphite",
    "host_name": "XXXYYY",
    "timestamp": "1487636236"
  },
  "fields": {
    "@timestamp": [
      1487636236000
    ]
  },
  "sort": [
    1487636236000
  ]
}

Answer 1

I have now solved this problem myself. 我现在自己解决了这个问题。 The string fields are required to be defined as not_analyzed in order to appear in the Grafana dashboard. 字符串字段需要定义为not_analyzed才能显示在Grafana仪表板中。

Here's an example Template you can use: Note: you'll have to install this manually, it seems like logstash won't install it into elasticsearch for some reason (maybe a bug?) Install like so (assuming path is /etc/logstash/graphite-new.json: 这是一个你可以使用的模板示例：注意：你必须手动安装，似乎logstash不会因为某种原因将它安装到elasticsearch中（也许是一个bug？）像这样安装（假设路径是/ etc / logstash） /graphite-new.json：

curl -XPUT 'http://localhost:9200/_template/graphite-*' -d@/etc/logstash/graphite-new.json

Template: 模板：

{ 
    "template" : "graphite-*", 
    "settings" : { "index.refresh_interval" : "60s" }, 
    "mappings" : { 
        "_default_" : { 
            "_all" : { "enabled" : false }, 
            "dynamic_templates" : [{ 
              "message_field" : { 
                "match" : "message", 
                "match_mapping_type" : "string", 
                "mapping" : { "type" : "string", "index" : "not_analyzed" } 
              } 
            }, { 
              "string_fields" : { 
                "match" : "*", 
                "match_mapping_type" : "string", 
                "mapping" : { "type" : "string", "index" : "not_analyzed" } 
              } 
            }], 
            "properties" : { 
                "@timestamp" : { "type" : "date", "format" : "dateOptionalTime" }, 
                "@version" : { "type" : "integer", "index" : "not_analyzed" }, 
                "metric_name" : { "type" : "string", "index" : "not_analyzed" }, 
                "host" : { "type" : "string", "index" : "not_analyzed" }, 
                "host_name" : { "type" : "string", "index" : "not_analyzed" }, 
                "metric_type" : { "type" : "string", "index" : "not_analyzed" } 
            } 
        } 
    } 
}

I've still got this defined in the logstash filter as well: 我仍然在logstash过滤器中定义了这个：

if [type] == "graphite" {
        elasticsearch {
                index => "graphite-%{+YYYY.MM}"
                hosts => ["localhost"]
                template => "/etc/logstash/graphite-new.json"
        }
}

Grafana 4使用Elasticsearch进行模板化5

问题描述

1 个解决方案

解决方案1
0 已采纳 2017-02-23 21:56:51

Grafana 4使用Elasticsearch进行模板化5

问题描述

1 个解决方案

解决方案1 0 已采纳 2017-02-23 21:56:51

解决方案1
0 已采纳 2017-02-23 21:56:51