I want to automate a few search in one, here are the steps:
Search in Kibana for this ID:"b2c729b5-6440-4829-8562-abd81991e2a0" which will return me a bunch of logs. Of these logs I need to take the first and the last timestamp:
I now would like to store these two data FROM: September 3rd 2019, 21:28:22.155, TO: September 3rd 2019, 21:28:23.524 in 2 variables
Run a second search in Kibana for the word "fail" in between these two variable of time
How to automate the whole process without need of copy/paste and running a second query?
EDIT:
SHORT STORY LONG: I work in a company that produce a software for autonomous vehicles.
SCENARIO: A booking is rejected and we need to understand why.
WHERE IS THE PROBLE: I need to monitor just a few seconds of logs on 3 different machines. Each log is completely separated, there is no relation between the logs so I cannot write a query in discover, I need to run 3 separated queries.
EXAMPLE:
A booking was rejected, so I open Chrome and I search on "elk-prod.myhost.com" for the BookingID:"b2c729b5-6440-4829-8562-abd81991e2a0" and I have a dozen of logs returned during a range of 2 seconds (FROM: September 3rd 2019, 21:28:22.155, TO: September 3rd 2019, 21:28:23.524).
Now I need to know what was happening on the car so I open a new Chrome tab and I search on "elk-prod.myhost.com" for the CarID: "Tesla-45-OU" on the time range FROM: September 3rd 2019, 21:28:22.155, TO: September 3rd 2019, 21:28:23.524
Now I need to know why the server which calculate the matching rejected the booking so I open a new Chrome tab and I search for the word CalculationMatrix always on the time range FROM: September 3rd 2019, 21:28:22.155, TO: September 3rd 2019, 21:28:23.524
CONCLUSION: I want to stop to keep opening Chrome tabs by hand and automate the whole thing. I have no idea around what time the book was made so I first need to search for the BookingID "b2c729b5-6440-4829-8562-abd81991e2a0", then store the timestamp of first and last log and run a second and third query based on those timestamps.
There is no relation between the 3 logs I search so there is no way to filter from the Discover, I need to automate 3 different query.
Here is how I would do it. First of all, from what I understand, you have three different indexes:
one for "bookings"
one for "cars"
one for "matchings"
First, in Discover, I would create three Saved Searches, one per index pattern. Then in Visualize, I would create a Vertical bar chart on the bookings saved search (Bucket X-Axis by date_histogram on the timestamp field, leave the rest as is). You'll get a nice histogram of all your booking events bucketed by time.
Finally, I would create a dashboard and add the vertical bar chart + those three saved searches inside it.
When done, the way I would search according to the process you've described above is as follows:
Search for the booking ID b2c729b5-6440-4829-8562-abd81991e2a0 in the top filter bar. In the bar chart histogram (bookings), you will see all documents related to the selected booking. On that chart, you can select the exact period from when the very first booking document happened to the very last. This will adapt the main time picker at the top and the start/end time will be "remembered" by Kibana
Remove the booking ID from the top filter (since we now know the time range and Kibana stores it). Search for Tesla-45-OU in the top filter bar. The bar histogram + the booking saved search + the matchings saved search will be empty, but you'll have data inside the second list, the one for cars. Find whatever you need to find in there and go to the next step.
Remove the car ID from the top filter and search for ComputationMatrix. Now the third saved search is going to show you whatever documents you need to see within that time range.
I'm lacking realistic data to try this out, but I definitely think this is possible as I've laid out above, probably with some adaptations.
Kibana does work like this (any order is ok):
Select time filter: https://www.elastic.co/guide/en/kibana/current/set-time-filter.html
Add additional criteria for search like for example field s is b2c729b5-6440-4829-8562-abd81991e2a0.
Add aditional criteria for search like for example field x is Fail.
Additionaly you can view surrounding documents https://www.elastic.co/guide/en/kibana/current/document-context.html#document-context
This is how Kibana works.
You can prepare some filters beforehands, save them and then use them if you want to automate the process of discovering somehow.
You can do that in Discover tab in Kibana using New/Save/Open options.
Edit:
I do not think you can achieve what you need in Kibana. As I mentioned earlier one option is to change the data that is comming to Elasticsearch so you can search for it via discover in Kibana. Another option could be builiding for example Java application, that is using Elasticsearch - then you can write algorithm that returns the data that you want. But i think it's a big overhead and I recommend checking the data first.
Edit: To clarify - you can create external Java let's say SpringBoot application that uses Elasticsearch - all the data that you need is inside it.
But in this option you will not use Kibana at all.
You can export the result to csv or what you want in the code.
SpringBoot application can ask ElasticSearch for whatever it needs, then it would be easy to store these time variables inside of Java code.
EDIT: After OP edited question to change it dramatically:
#FrancescoMantovani Well the edited version is very different from where you first posted here How to automate the whole process without need of copy/paste and running a second query? and search for word fail in a single shot. In accepted answer you are still using a three filters one at a time so it is not one search, but three.
What's more if you would use one index, and send data from multiple hosts via filebeat you don't even to have to create this dashboard to do that. Then you can you can select the exact period from when the very first document happened to the very last regarding filter and then remove it and add another filter that you need - it's simple as that. Before you were writing about one query,
How to automate the whole process without need of copy/paste and
running a second query?
not three. And you don't need to open new tab in Chrome each time you want to change filter just organize the data by for example using filebeat as mentioned before.
There is no relation between the 3 logs
From what you wrote the realation exist and it is time.
If the data is in for example three diferent indicies (cause documents don't have much similiar data) you can do it like that:
You change them easily in dicover see:
You can go to discover select index 1 search, select time range that you need, when you change index the time range is still the one you selected, you only need to change filter - you will get what you need.
Related
I was asked to create control table with Informatica. I am a newbie and do not have much knowledge about it. I saw the same kind of stuff in my previous project but don't know the way to create a mapplet for that. So the requirement is that I have to create a mapplet which has the following columns:
-mapping_name
-session_name
-last_run_date
--source count
--target count
--status
So what happens is
Example: We executed a workflow with a particular mapping last week.
Now after 1 week we are executing the same mapping.
The requirement is that we should be fetching only those records which fall in this particular time frame(i.e from previous run to the current run). This is something I do not know.
Can you please help me out? I can provide furthur details if required.
There is a solution provided in below link but it doesnt use mapplet.
See, if you want to use mapplet, you wont get 'status' attribute and mapplet approach can be difficult to implement for all mappings.
You can use this link to gather statistics as well.
http://powercenternotes.blogspot.com/2014/01/an-etl-framework-for-operational.html
Now, regarding your other requirement, it seems to me to be an issue with incremental extract. So, you need to store the date parameter when you ran your flow last - into a DB table or flat file.
Use that as reference and pull anything greater than that date.
Mapplet - We used this approach earlier to gather statistics. But this is difficult because you need to add this mapplet + a reusable generic target to capture stats.
Input -
Type_of_data- (this can be source, target)
unique_key - (unique key of the mapping)
MappingName - $PMMappingName
SessionName - $PMSessionName
Aggregator -
i/p-
Type_of_data
unique_key
MappingName group by
SessionName group by
o/p-
count_row = COUNT(*)
Output -
Type_of_data
MappingName
SessionName
count_row
Use a reusable generic target to capture all the rows. You need to add one set after each source, one set before each target. The approach in the link is better i think.
I am trying to to set a value for all items in a domain that do not already have a certain value and have an additional flag set.
Basically for all my items,
SET ValueA to 100 if ValueB is 0
But I am confused about how to achieve this. So far ive been setting the value for individual items by just using a PutRequest like this:
ArrayList<ReplaceableAttribute> newAttributes = new ArrayList<ReplaceableAttribute>();
newAttributes.add(new ReplaceableAttribute("ValueA",Integer.toString(100), true));
PutAttributesRequest newRequest = new PutAttributesRequest();
newRequest.setDomainName(usersDomain);
newRequest.setItemName(userID);
newRequest.setAttributes(newAttributes);
sdb.putAttributes(newRequest);
This works for an individual item and requires me to first get the item name (userID). Does this means that I have to "list" all of my items and do this 1 by 1?
I suppose that since I have around 19000+ items I would also have to use the token to get the next set after the 2000 limit right?
Isn't there a more efficient way? This might not be so heavy right now but I expect to eventually have over 100k items.
PD: I am using the AWS Java SDK for Eclipse.
If you are talking about how you can do it grammatically by writing your own code then Yes. First you have to know all item name i.e in your case UserID and then you need to set a value one by one. You can use BatchPUTAttribute in this case. Using Batch PUT you can update 25 items in one request. You can do 5 to 20 BatchPutAttribute requests in parallel threads. Know more to tune the performance.
If you need to do it somehow in tricky way then you can use SDBExplorer. Please Remember it will set 100 for all items because SDBExplorer does not support conditional PUT. If you would like to set it anyway then Follow these steps-
Download SDBExplorer zip version form download page.
Extract it and run the executable.
Download 30 days trial license.
Once license has been downloaded main UI will open.
Provide valid Access Key and Secret keys and click on "GO" button.
You will see list of domains in Left side tree.
Right click on the domain in which you would like to set value for all item.
Choose "Export to CSV" option.
Export the content of domain into CSV. http://www.sdbexplorer.com/documentation/simpledb--how-to-export-domain-in-csv-using-sdbexplorer.html
Go to path where your domain has exported.
Open CSV file.
Your first column is item name.
Delete all columns other then item Name and column "ValueA".
Set 100 for all item name under "ValueA" column.
Save the CSV.
Go to the SDBExplorer main UI.
Select the same domain.
Click on "Import" option from tool bar.
A panel will open.
Now Import the data into the Domain. http://www.sdbexplorer.com/documentation/simpledb--how-to-upload-csv-file-data-and-specifying-column-as-amazon-simple-db-item-name.html
Once import is done, explore the domain and you will find the value 100 set to all items for column ValueA.
Please try the steps first on any dummy domain.
What exactly I am trying to suggest you?
To know all item name in your domain, I am suggesting you to export all content of your domain into CSV file at local file system. Once you get all item name in CSV, keep only one column "ValueA". Set "100" for all the items in CSV file and upload/import the content back into domain.
Discloser: I am one of the developer of SDBExplorer.
I am having difficulty with a duration field on my form/table.
The users need to indicate in HH:MM how long a meeting took.
What datatype should the column have in the Table. Currently it is TIMESTAMP
How can I make the field have an input mask of 'HH:MM'. What I would like is for the user to be able to type '0130' and the field format it to '01:30' immediately.
Reporting on these times is required so I assume that entering the data as VARCHAR will not help.
Honestly, this is not such an easy subject as people might think it is, and probably more from a user interface point of view than technically.
The easiest way out? The apex datetimepicker. And honestly, if you're new to the technology I'd advise you to use this, especially if you want to steer clear from javascript/jquery initially.
Let's put it this way: the datepicker is fine and works good, but time is really not that fantastic.
Not all that hot right. The value in the input item does not change until you hit 'Close'. The time component seems like a last second sloppy addition honestly. It works, however. (But I'd still set the field to readonly so that a user can not enter text directly.)
Allowing text to be entered means it needs to be validated according to the correct format mask. And format masks differ between those in jQuery (the datepicker) and those in Oracle, and it might be possible that your oracle format mask is not possible in the datepicker, adding even more complexity. There is also no 'live' date validation (nor datetime), there is only the builtin item validation which will check the format mask and which fires on submit.
Anyway, I'd say take a look at it. Set your item to be displayed as a Date Picker, and use the format mask under settings to get the datetime picker:
Now you can push it further of course, though it'll cost some effort. There are several options though.
Personally, when I've implemented date+time I've always split the date from the time in 2 fields. 1 with the date component, and one with the time component, while keeping the item with the original value hidden (so 3 items total). I then use the datepicker on the date item, and use jquery timepicker plugins on the time item. On submit I then add the 2 values together and parse them in a date, and put this value in the original item again (to allow the standard processing to work on items with source set to database column).
One example of a timepicker is here, another one here. They're both not that hard to implement. They have good documentation too. I don't want to dive in the implementation of it here though, I advise you take a look at it first and see how much it scares you. (I'd set up an apex demo but am a bit pressed for time at the moment).
For example, using Trent's (second link) plugin:
put the js file in the apex images directory. I made a folder "/custom" in my case
add the required js files to the page (assuming apex 4.2, put this in javascript file urls)
#IMAGE_PREFIX#libraries/jquery-ui/1.8.22/ui/jquery.ui.slider.js
#IMAGE_PREFIX#custom/jquery-ui-timepicker-addon.js
use onload code such as this to initialize a field
$("#P95_DEPARTURE_TIME").timepicker({hourGrid: 4,minuteGrid: 10});
It'll end up looking as this:
Any further interaction between pickers will need to be handled in javascript code if you want it live. Don't forget server validations.
As for items, my hidden date item has format mask DD-MON-YYYY HH24:MI. Format masks are important, because items are bind variables, and bind variables are varchar2. The value in the html form is also just that, text.
For example, this is on my displayed date item, with a similar setup for the time item:
Then in an after-submit computation I glue the values together again and put them in the m that'll save the value to the database:
:P95_DEPARTURE_DATE_DISP||' '||:P95_DEPARTURE_TIME
This is just a short guide on the setup though, but might be interesting once you're a bit more familiar with the product.
There are also 2 timepicker plugins on apex-plugin, but honestly I don't find them interesting at all when compared to these already existing fine jquery plugins.
Give it some thought and look at it.
If quarters are enough..
item: text field with autocomplete
SELECT ss|| ':' || dd ss_dd
FROM
(SELECT to_char(trunc(sysdate)+(level - 1)/ 24,'HH24')ss
FROM dual CONNECT BY level <= 24),
(SELECT lpad(mod(15 * level, 60), 2, '0') dd
FROM dual CONNECT BY level <= 4)
APEX 4.2: Just to shed some light for any future viewings; now there are loads of Apex plugins for the purpose of picking Date/Time or both returning variations of date time formats as you would required. For e.g. as in your case HH:MM or HH24:MI.
I have personally used TimePicker plugin from http://www.apex-plugin.com which I have no problem in recommending.
I am trying to implement a search engine for a new app.
The app allows people to rate items (+1 or -1) - Giving the items a +ve or -ve score.
When people search for items, I'd like to take into account their rating and to order the results accordingly. If the item is a match, it should show up. But if it's a match with a high score it should be boosted up the results a bit.
A really good match should win over a fairly good match with a high score, so it needs to be weighted along with the rest of it (i.e. I boosted my titles a bit).
Not stuck on Solr by any means, only just started playing today.
With Solr, you can maintain a field with the document which holds the difference.
The difference can be between the total +1ve's and the -1ve's.
Solr allows you to boost on field values using function queries.
So you can query with the boost on the difference field, with documents with better difference scoring over others.
From indexing front, as this difference would change quite often, the respective document needs to be updated everytime.
Solr does not allow the updation of the single field, so you need to handle the incremental updates of the difference field.
If that would be a concern to you, can try using ExternalFileField.
This allows mapping of certain fields of documents such as ranking, popularity external to the index in a separate file.
The file can be updated and index committed to reflect the changes.
The field can also be used with function queries to boost the results as needed, however have lot of limitations.
You can order your results by a field that stores the ranking.
sqs.filter(content='blah').order_by('rating')
I have a custom variable set for all visitors; for our registered users it's some value, for unregistered users, it's empty.
I can find unregistered users in an advanced segment using the settings Exclude Custom Variable (Value 02) Matching Regexp .+ -- works brilliantly.
But I need a report of unregistered visitors for a dashboard, and tried to do the same thing with a filter. I have a metric of Visits and a dimension of something all vistors will have (e.g. Browser). My filter is identical to the one in the advanced segment, but ... not brilliant. I get no visits. I have tried to Include with a regex ^$ but no love there, either.
Any ideas what I am doing wrong?
To understand your problem and the solution yourself, let me illustrate how the data recording works in any collection process (Google Anlaytics is one of the tools used for data collection and analysis):
To record and analyse data, you first decide what you want to record, and then how. Maybe this how is where Google Analytics comes in for you. So, the data that you want to see is the metric, it can have a name and a (usually numeric) value, and each dimension is how you want to separate or drill down into the various views of the data. As an example, if you want to know how many visitors visited your site everyday, and you want to be able to see through which source they came, Daily Visitor Count is your metric and Source is your dimension.
The important thing to understand here is that Dimensions and Metrics are not bound together. What I mean here is that just because you decided that Daily Visitor Counts should be viewable by Source, doesn't add a source to every updation of the Daily Visitor Count metric. In order to view the metric by the dimenision, you need to update a value for the dimension every time you record the metric.
If you don't record a dimension for a metric, then you cannot obtain the value of the metrics for which you didn't record a dimension by applying a filter on the dimension. Because, using a dimension filter only lets you access the values recorded for the dimension, and not all metrics, because, dimensions don't contain values of metrics, only metrics can optionally contain values for dimensions.
So when you query "dimension equals regex +*", it works, with both include and exclude, but you cannot query metrics with empty dimension using a dimensional filter. The best way would be to only add a standard or default value for the dimension every time you record the metric so that you can separate, something like (not set) or unknown.
Hope that helps. :)
I just hope you understand what you were trying to do is conceptually wrong, though it could still have been made technically feasible.