Learn more »
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Bower components
Debian packages
RPM packages
NuGet packages
/* global _ */
/*
* Complex scripted Logstash dashboard
* This script generates a dashboard object that Kibana can load. It also takes a number of user
* supplied URL parameters, none are required:
*
* index :: Which index to search? If this is specified, interval is set to 'none'
* pattern :: Does nothing if index is specified. Set a timestamped index pattern. Default: [logstash-]YYYY.MM.DD
* interval :: Sets the index interval (eg: day,week,month,year), Default: day
*
* split :: The character to split the queries on Default: ','
* query :: By default, a comma separated list of queries to run. Default: *
*
* from :: Search this amount of time back, eg 15m, 1h, 2d. Default: 15m
* timefield :: The field containing the time to filter on, Default: @timestamp
*
* fields :: comma separated list of fields to show in the table
* sort :: comma separated field to sort on, and direction, eg sort=@timestamp,desc
*
*/
// Setup some variables
var dashboard, queries, _d_timespan;
// All url parameters are available via the ARGS object
var ARGS;
// Set a default timespan if one isn't specified
_d_timespan = '1d';
// Intialize a skeleton with nothing but a rows array and service object
dashboard = {
rows : [],
services : {}
};
// Set a title
dashboard.title = 'Logstash Search';
// Allow the user to set the index, if they dont, fall back to logstash.
if(!_.isUndefined(ARGS.index)) {
dashboard.index = {
default: ARGS.index,
interval: 'none'
};
} else {
// Don't fail to default
dashboard.failover = false;
dashboard.index = {
default: ARGS.index||'ADD_A_TIME_FILTER',
pattern: ARGS.pattern||'[logstash-]YYYY.MM.DD',
interval: ARGS.interval||'day'
};
}
// In this dashboard we let users pass queries as comma separated list to the query parameter.
// Or they can specify a split character using the split aparameter
// If query is defined, split it into a list of query objects
// NOTE: ids must be integers, hence the parseInt()s
if(!_.isUndefined(ARGS.query)) {
queries = _.object(_.map(ARGS.query.split(ARGS.split||','), function(v,k) {
return [k,{
query: v,
id: parseInt(k,10),
alias: v
}];
}));
} else {
// No queries passed? Initialize a single query to match everything
queries = {
0: {
query: '*',
id: 0,
}
};
}
// Now populate the query service with our objects
dashboard.services.query = {
list : queries,
ids : _.map(_.keys(queries),function(v){return parseInt(v,10);})
};
// Lets also add a default time filter, the value of which can be specified by the user
dashboard.services.filter = {
list: {
0: {
from: "now-"+(ARGS.from||_d_timespan),
to: "now",
field: ARGS.timefield||"@timestamp",
type: "time",
active: true,
id: 0,
}
},
ids: [0]
};
// Ok, lets make some rows. The Filters row is collapsed by default
dashboard.rows = [
{
title: "Chart",
height: "300px"
},
{
title: "Events",
height: "400px"
}
];
// And a histogram that allows the user to specify the interval and time field
dashboard.rows[0].panels = [
{
title: 'events over time',
type: 'histogram',
time_field: ARGS.timefield||"@timestamp",
auto_int: true,
span: 12
}
];
// And a table row where you can specify field and sort order
dashboard.rows[1].panels = [
{
title: 'all events',
type: 'table',
fields: !_.isUndefined(ARGS.fields) ? ARGS.fields.split(',') : [],
sort: !_.isUndefined(ARGS.sort) ? ARGS.sort.split(',') : [ARGS.timefield||'@timestamp','desc'],
overflow: 'expand',
span: 12
}
];
// Now return the object and we're good!
return dashboard;