JSON input for Kibana dashboards

Hi all,
I want to create customised dashboards for monitoring Kubernetes in the cloud. Right now we are using the default dashboards, but I wish I could customise them more to suit my needs. For instance, the current dashboards provide a feature to monitor the CPU usage on the whole; we thought it might be more helpful to know how much each container uses on each beat.
PS: I am aware of creating custom visualizations and adding them to the dashboard, but I wish to know if there is a way to manage the dynamic changes, like the default dashboards. I tried to do this by adding a new horizontal bar and providing system.cpu.usr.pct in the y-axis, and in the x-axis I provided an aggregation of the term with beat.host name and an additional sub-aggregation with a filter kubernetes.container.name='#####', but there is no data in the graph and the visualization is empty.

In this screenshot there is a spelling mistake for kubernetes. I corrected it and tried again but didn't get any output. I also tried changing the filter to use double quotes (kubernetes.container.name="#####") and no quotes (kubernetes.container.name=#####).


I just realized that I need to add 2 aggregations, 1 for beat.hostname and another for kubernetes.container.name. Is there any option to do so? I added significant terms and beat.name in the primary aggregation and the following in the JSON input, but I know something is wrong:

```
"script": {
  "inline": "doc['kubernetes.container.name'].value=####",
  "lang": "painless"
}
```

And tried this as well,

```
{ "query": { "match": { "kubernetes.container.name": { "query": "###", "type": "phrase" } } } }
```

and got this error

```
Visualize: [illegal_argument_exception] [significant_terms] unknown field [query], parser not found
```

I’m a little confused because it seems you have multiple questions here. The JSON input that you’re entering into only supports the actual parameters expected by the Elasticsearch aggregation, and I don’t think it’s quite what you want.
You mentioned that you need to add 2 aggregations. Could you split series by kubernetes.container.name and then add another split (either x-axis or chart) by beat.name?

I did the same: split series by filters with kubernetes.container.name="kube-proxy", and in the x-axis a significant term on beat.hostname.

No output :(

Sorry, I meant do a split with a terms aggregation, not a filters aggregation. Could you try that?

Tried that too: split series term with kubernetes.container.name and again in the x-axis with a significant term of beat.hostname. I don't know what is wrong :(

This works fine when I try to find CPU usage with 1 aggregation, i.e. beat.hostname, but doesn't work when I add another aggregation.

Hmm… Do the documents containing kubernetes.container.name also have system.cpu.user.pct?

Not sure how to check that. Sorry, I am very new to this, and if you mean whether both are in the same index, then yes.

Resolved. Sorry, I found out the mistake. It was not using the same term.
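The check asked about above (whether documents that contain kubernetes.container.name also contain system.cpu.user.pct), as an added example that is not part of the original thread. The sample documents are constructed, not the poster's data, and the helper names are hypothetical; the query body uses the standard Elasticsearch `bool` and `exists` clauses.

```python
# Added example: does a metric field co-occur with the field used to split it?
# A terms split on one field with a metric on another plots nothing when no
# single document carries both fields, even if both live in the same index.

def get_path(doc, dotted):
    """Return the value at a dotted field path, or None if any part is missing."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def cooccurrence(docs, field_a, field_b):
    """Count documents holding only field_a, only field_b, both, or neither."""
    counts = {"only_a": 0, "only_b": 0, "both": 0, "neither": 0}
    for doc in docs:
        has_a = get_path(doc, field_a) is not None
        has_b = get_path(doc, field_b) is not None
        if has_a and has_b:
            counts["both"] += 1
        elif has_a:
            counts["only_a"] += 1
        elif has_b:
            counts["only_b"] += 1
        else:
            counts["neither"] += 1
    return counts

def both_exist_query(field_a, field_b):
    """Elasticsearch query body matching only documents that contain both fields."""
    return {"query": {"bool": {"filter": [
        {"exists": {"field": field_a}},
        {"exists": {"field": field_b}},
    ]}}}

# Constructed sample documents: host CPU metrics and container metadata
# arrive as separate documents that share only beat.hostname.
SAMPLE_DOCS = [
    {"beat": {"hostname": "node-1"}, "system": {"cpu": {"user": {"pct": 0.21}}}},
    {"beat": {"hostname": "node-2"}, "system": {"cpu": {"user": {"pct": 0.07}}}},
    {"beat": {"hostname": "node-1"}, "kubernetes": {"container": {"name": "kube-proxy"}}},
    {"beat": {"hostname": "node-2"}, "kubernetes": {"container": {"name": "kube-proxy"}}},
]

if __name__ == "__main__":
    print(cooccurrence(SAMPLE_DOCS, "kubernetes.container.name", "system.cpu.user.pct"))
    print(both_exist_query("kubernetes.container.name", "system.cpu.user.pct"))
```

Against a live cluster, the body from `both_exist_query` can be sent to the index's `_count` endpoint; a count of 0 means the split and the metric never meet in one document.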
