How to specify each label when using "split:field" in .es()?

[Morriaty-The-Murderer]

Hi, I've read Timelion function reference, but seemed no func or arg can make it. What I need is

.es(index=logstash-*, split=field_name:5).label(field1=XXX, field2=YYY, ...)
# or like this
.es(index=logstash-*, split=field_name:5).label(field=$one_of_the_five)

[Cardy165]

Hi,

This is already possible if the label of your graph already contains the value you want to include.

In the example below I am splitting on the field host using split="host:10"

In my chart my labels look something like:

q:_type:"interface:"em1" > host:dev-01 > max(bytes) q:_type:"interface:"em1" > host:dev-02 > max(bytes) q:_type:"interface:"em1" > host:dev-03 > max(bytes)

I use the following to change the label to include the hostname.

.label(regex='.host:(.?) .*',label='Interface em1 ($1)')

The regex pattern matches the host part in the un-formatted label allowing you to extract sections of it.

Hope this helps

Lee

[rashidkpc]

Yep, what @Cardy165 said. The split label formatting tries to include all of the information about the request that it can to enable you to format it with a regex afterwards