Closed cdeck closed 10 years ago
I think the right way to accomplish this would be with named queries. Then you could color code the results based on the color of the query they match. Alternatively, this could perhaps fit into the field transformation ticket, though figuring out a UI for it would be challenging
I would love to see this feature implemented, having the results have some display of the query that they were found in.
Maybe it could be a separate column for "query" with dots of each color that matched.
This seems potentially similar to: https://github.com/elasticsearch/kibana/issues/335
Closing, duplicate of #335
I use kibana for many things, including slicing and dicing through my OSSEC (Host-Based Intrusion Detection System [HIDS]) alerts.
OSSEC has an alert leveling system to aid in reviewing logs, ranging from 0 to 16 - the higher the level, the more security-relevant the event. In Kibana 2 I hacked together a change so that a field named 'alert' would apply a different background color to that cell based on the value. For example: level 1 = dark green ... level 5 = blend of green and yellow ... level 8 = yellow ... level 16 = dark red
I got this idea from another individual involved with OSSEC. You can see a crude snapshot of his idea here: http://i1.ytimg.com/vi/SNYoXw24tfw/hqdefault.jpg
Kibana 3's code base is much more sophisticated now and I'm not confident in my ability to modify it to provide the same behavior.
It would be awesome if Kibana 3 could implement a similar system. The way I picture it working is that I specify a field and its max value, then choose a color scheme for how either that cell OR the entire row would be colored (without making the table hard to read or perturbing the overall slick look of Kibana).
In addition to OSSEC users, I could see this being helpful for folks that want a way to distinguish between syslog facility levels.
If you read this far, thanks for at least considering my idea.
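Added example, not Kibana's own code nor the OSSEC contributor's patch mentioned above: the level-to-colour mapping the request describes, for a field holding an OSSEC alert level from 0 to 16. The exact colour stops and the `level` field name are assumptions.

```javascript
// Added example (not from Kibana or OSSEC): colour an OSSEC alert level
// (0-16) by piecewise-linear interpolation between colour stops. The stop
// colours are assumptions chosen to match the thread's description:
// low levels dark green, level 8 yellow, level 16 dark red.
const COLOR_STOPS = [
  { level: 1, rgb: [0, 100, 0] },    // dark green
  { level: 8, rgb: [255, 255, 0] },  // yellow
  { level: 16, rgb: [139, 0, 0] },   // dark red
];

function lerp(a, b, t) {
  return Math.round(a + (b - a) * t);
}

function toHex(rgb) {
  return '#' + rgb.map(c => c.toString(16).padStart(2, '0')).join('');
}

// Map a level to "#rrggbb". Non-numeric or out-of-range values (a malformed
// log field, a level above the configured max) are clamped to the end stops,
// so the cell always gets a valid colour instead of a broken style.
function levelToColor(level, stops = COLOR_STOPS) {
  const lo0 = stops[0].level, hiN = stops[stops.length - 1].level;
  let l = Number(level);
  if (!Number.isFinite(l)) l = lo0;
  l = Math.min(Math.max(l, lo0), hiN);
  for (let i = 1; i < stops.length; i++) {
    const lo = stops[i - 1], hi = stops[i];
    if (l <= hi.level) {
      const t = (l - lo.level) / (hi.level - lo.level);
      return toHex(lo.rgb.map((c, k) => lerp(c, hi.rgb[k], t)));
    }
  }
  return toHex(stops[stops.length - 1].rgb);
}

// Pick black or white text by perceived luminance so the coloured cell or row
// stays readable rather than making the table harder to scan.
function cellStyle(level) {
  const bg = levelToColor(level);
  const [r, g, b] = [1, 3, 5].map(i => parseInt(bg.slice(i, i + 2), 16));
  const luminance = 0.299 * r + 0.587 * g + 0.114 * b;
  return { backgroundColor: bg, color: luminance > 128 ? '#000000' : '#ffffff' };
}

// Constructed sample documents standing in for OSSEC alerts (field name assumed).
const sampleAlerts = [{ level: 3 }, { level: 12 }, { level: 'n/a' }];
for (const a of sampleAlerts) console.log(a.level, cellStyle(a.level));
```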