Hi,
Im using Elasticsearch 6 and grafana 5.
I’m trying to create a varibale of all the IP Addresses, using the field “IP”.
This field is of type string.
There is no error but also no output:
Thanks in advance.
Hi,
Have you created elastic data source in Grafana with version set? What does your index mappings look for the IP field in your documents? Thinking that you may need to specify that IP should be of type keyword in mapping and then use IP.keyword or similar in Grafana.
Marcus
I think it is case sensitive. You may need to switch IP to lowercase ip. I am on Elasticsearch 6.2 and Grafana 5 beta 4 and have this very query. I can confirm that it works properly for me.
Change your query to: {“find”:“fields”,“type”:“ip”}
mefraimsson is correct that you should also check your index mappings, to make sure you have fields with the IP type. A good way to further test this is also to change your query to: {“find”:“fields”} which should show you all of your fields, which from there you can ensure the query is properly completing.
I changed it to {“find”: “terms”, “field”: “IP.keyword”} and it fixed it.
Thank you!
Based on your results, it looks like you are saving your IP addresses into a keyword/ string field. You may want to investigate your index mapping, and adjust this to type:ip. Down the road, if you want to take advantage of Elasticsearch’s advanced search and aggregation functions for IP addresses (like IP range aggregation or CIDR based searches) you will need to store IP addresses as type:ip rather than type:keyword (your apparent, current mapping).
I have know the reason, the index pattern is not right for me, so no data found, the following index pattern is not right:
The following is right(please note the [ and ] char):
The solution for me was to put an asterix after my index name as so: index-name* and use the query pattern below:
{"find": "terms", "field": "very_secret_field.keyword"}
¯\_(ツ)_/¯