Software developer @ Elastic working on Kibana. Previously @ NodeSource, IBM.

Patrick Mueller pmuellr

@pmuellr
pmuellr / kibana-dev-tools-console-event-log.txt
Created Sep 14, 2021
Kibana Dev Tools Console queries for the event log
#-------------------------------------------------------
# get 10 event log docs to see the structure
GET .kibana-event-log-7.14.0/_search
#-------------------------------------------------------
# count of rules by type and executions per type by Kibana server
GET .kibana-event-log-7.14.0/_search
{
@pmuellr
pmuellr / kibana-7.14.0-alerting-o11y.ndjson
Last active Sep 21, 2021
Kibana 7.14.0 saved objects for alerting o11y
{"attributes":{"fieldAttrs":"{\"event.outcome\":{\"count\":3},\"kibana.alerting.status\":{\"count\":5},\"message\":{\"count\":7},\"event.action\":{\"count\":4},\"kibana.alerting.action_group_id\":{\"count\":2},\"kibana.alerting.instance_id\":{\"count\":2},\"event.duration\":{\"count\":7},\"error.message\":{\"count\":4},\"event.end\":{\"count\":1},\"event.reason\":{\"count\":2},\"event.start\":{\"count\":1},\"rule.id\":{\"count\":1},\"kibana.spaceId\":{\"count\":1}}","fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asSeconds\",\"showSuffix\":true,\"useShortSuffix\":true}},\"event.duration.ms\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"milliseconds\",\"outputFormat\":\"asMilliseconds\",\"showSuffix\":true,\"useShortSuffix\":true}}}","fields":"[]","runtimeFieldMap":"{\"event.duration.ms\":{\"type\":\"long\",\"script\":{\"source\":\"def duration = doc['event.duration'];\\nif (duration == null) return;\\nif (duration.size() == 0) ret
@pmuellr
pmuellr / kibana-7.13.2-alerting-o11y.ndjson
Last active Jul 15, 2021
Kibana 7.13.2 saved objects for alerting o11y
{"attributes":{"fieldAttrs":"{\"soid\":{\"count\":4},\"_id\":{\"count\":1},\"event.action\":{\"count\":1},\"event.duration\":{\"count\":1},\"event.provider\":{\"count\":1},\"kibana.alerting.status\":{\"count\":1}}","fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"outputPrecision\":0,\"showSuffix\":false}}}","fields":"[]","runtimeFieldMap":"{\"soid\":{\"type\":\"keyword\",\"script\":{\"source\":\"def savedObjects = params._source[\\\"kibana\\\"][\\\"saved_objects\\\"];\\n\\nif (savedObjects != null) {\\n for (def savedObject : savedObjects) {\\n emit(savedObject[\\\"type\\\"] + \\\":\\\" + savedObject[\\\"id\\\"])\\n } \\n}\"}}}","timeFieldName":"@timestamp","title":".kibana-event-log-*"},"coreMigrationVersion":"7.13.2","id":"119d36c0-ce30-11eb-9885-59d424b49d0b","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-06-16T03:14:42.635Z","version":"WzYzNTQ1LDFd"}
@pmuellr
pmuellr / dashboard.ndjson
Last active Jun 4, 2021
Kibana dashboard for the alerting event log
{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"showSuffix\":true,\"useShortSuffix\":true,\"includeSpaceWithSuffix\":true}}}","fields":"[]","runtimeFieldMap":"{\"soid\":{\"type\":\"keyword\",\"script\":{\"source\":\"def savedObjects = params._source[\\\"kibana\\\"][\\\"saved_objects\\\"];\\n\\nif (savedObjects != null) {\\n for (def savedObject : savedObjects) {\\n emit(savedObject[\\\"type\\\"] + \\\":\\\" + savedObject[\\\"id\\\"])\\n } \\n}\\n\"}}}","timeFieldName":"@timestamp","title":".kibana-event-log-*","typeMeta":"{}"},"coreMigrationVersion":"8.0.0","id":"cd94ad50-c4c0-11eb-a329-07149b9b0aad","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-06-03T23:25:41.302Z","version":"WzY4Nzg3LDFd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"
@pmuellr
pmuellr / soid-for-kbn-event-log.painleess
Created May 26, 2021
Kibana runtime field for saved object ids in the .kibana-event-log indices
// runtime field definition to add to .kibana-event-log index patterns
// I name the field `soid`, which will have either alert or action ids, or both
// prefixed by their type. Useful for Discover and Lens.
// For Kibana >= 7.13.0
// kibana.saved_objects is a List of {type, id} maps, or absent entirely;
// Painless lists use size(), not length, and a null source field must be guarded.
def savedObjects = params._source["kibana"]["saved_objects"];
if (savedObjects != null && savedObjects.size() > 0) {
  // emit one value per saved object so both alert and action ids appear
  for (def savedObject : savedObjects) {
    emit(savedObject["type"] + ":" + savedObject["id"]);
  }
}
@pmuellr
pmuellr / zod+js+jsdoc.js
Created Oct 31, 2020
trying to use zod in js with jsdoc type comments for vs code - almost works!
'use strict'
// examples from https://github.com/vriad/zod
// trying to use zod in JS w/ jsdoc type comments in vsCode
const z = require('zod')

// schema for a dog object; parse() throws on input that does not match
const dogSchema = z.object({
  name: z.string(),
})
@pmuellr
pmuellr / alerting-taskmanager-dashboard.ndjson
Last active Oct 15, 2020
alerting dashboard showing alerts/action function execution counts and task manager docs breakdowns
{"attributes":{"fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://81b07bbaeb0c43d2b6f957add35c71b2.us-east-1.aws.staging.foundit.no:9243\",\"pathname\":\"/app/home\",\"basePath\":\"\"},\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"outputPrecision\":0,\"showSuffix\":true}}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"n
@pmuellr
pmuellr / es-log.txt
Created Feb 27, 2020
2020-02-27 es walkback from event-log
info [o.e.x.i.a.TransportPutLifecycleAction] [pmuellr.muellerware.org] adding index lifecycle policy [.kibana-event-log-policy]
info [o.e.c.m.MetaDataIndexTemplateService] [pmuellr.muellerware.org] adding template [.kibana-event-log-8.0.0-template] for index patterns [.kibana-event-log-8.0.0-*]
info [o.e.c.m.MetaDataCreateIndexService] [pmuellr.muellerware.org] [.kibana-event-log-8.0.0-000001] creating index, cause [api], templates [.kibana-event-log-8.0.0-template], shards [1]/[1], mappings [_doc]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i
@pmuellr
pmuellr / canvas-es-hb-sim
Last active Jan 16, 2020
Kibana canvas chart for es-hb-sim
filters
| essql
query="SELECT \"@timestamp\" as time, \"summary.up\" as up FROM \"es-hb-sim\" WHERE time > NOW() - INTERVAL 60 SECONDS"
| pointseries x="time" y="up"
| plot defaultStyle={seriesStyle lines="1" fill=1 bars="0"}
| render
@pmuellr
pmuellr / whole-lotta-alerts-hb.sh
Last active Jan 14, 2020
whole-lotta-alerts stress tester for Kibana alerting using heartbeat data
#!/usr/bin/env bash
# creates a number of alerts with a server-log action
# Note that default alerttype - example.heartbeat is from
# https://github.com/pmuellr/kbn-sample-plugins#exampleheartbeat
# requires the following:
# jq: https://stedolan.github.io/jq/download/
# kbn-action: https://github.com/pmuellr/kbn-action/blob/master/README.md