Creating Correlated logs & metrics dashboards

The steps below create such a search object and then use it as a filter for all the visualizations on the dashboard:

1. Click on the menu bar on the left-hand corner of the second ribbon on the screen and then click on the “Discover” tab.

2. Once you click on the Discover tab, “Enter the index” of the logs/metrics that you want to build your search on. (For this example, you may use the logs from MySQL. A screenshot of the logs is given below.) Select the required index.

Select the required index for creating the Search Object

3. Once you select the required index, you will reach a screen as shown below:

Sample Data | Discover Tab

4. Select the “Column” that you want to display in the visualization on your dashboard, as per your requirements. Use the “Plus” sign on each of the fields as shown below:

Selected fields will appear as columns in the Search Object

5. Once you have selected all the required fields, click on the “Save” button on the top end corner.

6. Give a “Unique name” for the visualization which would appear on your dashboard.

7. Move to the required dashboard and click the “Edit” button to add the new search panel to your dashboard, and then click on the “Add” option from the list of options.

8. Once you click “Add”, a pop-up will appear on the right side of the screen to add the search panel. Search for the required panel name and then select the type of panel as “Saved Search” as shown below:

Use this option to optimally search for Search Objects

9. Click on the “Respective Panel Name” to add the search panel as a visualization on the dashboard.

Now that you have created a new search object on the dashboard, you can use the search filter from the search panel.

10. Go to the search panel that you added to the dashboard in the previous steps. (Example: MySQL - Log Search data, shown below.)

Sample Search Object

11. To filter the data based on the values under the respective column names, hover your pointer over the required field name and click on the “(+)Plus button”.

Filtering is allowed on each field across all columns

12. Once you have selected the required filter, all the graphs and metrics on your dashboard will be displayed with the applied filter. (Example: the snapshot given below is based on host.name.) To confirm that the settings are applied across all the visualizations, check the top end corner of the dashboard as shown below.

Included field using filter, highlighted in yellow

13. To eliminate any fields from the search, go to the search panel again and click on the “(-)minus” sign. (Example: host.name: mysql-8)

14. To confirm that the filter is applied to all the visualizations, check the top left-hand corner of the elastic dashboard. (Example: Continuation from point 4)

Filtered-out value won't appear anywhere on the dashboard

15. You can also use multiple filters together to change the values across your metrics.
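What the (+) and (-) filters in steps 11 to 15 do to every panel at once, as an added example that is not part of the original page. It assumes the dashboard filters translate into Elasticsearch bool-query clauses (`filter` and `must_not` with `match_phrase`); the sample documents, the host `mysql-5`, the "MySQL - Metrics" panel and the helper functions are constructed for illustration.

```python
# Added illustration: all documents and helper names below are constructed.

def build_query(include, exclude):
    """Combine (+) filters and (-) filters into one Elasticsearch bool query."""
    return {"bool": {
        "filter": [{"match_phrase": {f: v}} for f, v in include.items()],
        "must_not": [{"match_phrase": {f: v}} for f, v in exclude.items()],
    }}

def get_field(doc, dotted):
    """Resolve a dotted field name such as host.name in a nested document."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None  # field absent from this document
        cur = cur[part]
    return cur

def matches(doc, query):
    """Local stand-in for the search engine: exact-value match per clause."""
    def hit(clause):
        (field, value), = clause["match_phrase"].items()
        return get_field(doc, field) == value
    b = query["bool"]
    return all(hit(c) for c in b["filter"]) and not any(hit(c) for c in b["must_not"])

def apply_to_panels(panels, query):
    """The same query narrows every panel, which is what correlates them."""
    return {name: [d for d in docs if matches(d, query)]
            for name, docs in panels.items()}

PANELS = {  # constructed sample data: one log panel, one metrics panel
    "MySQL - Log Search": [
        {"host": {"name": "mysql-8"}, "log": {"level": "error"}, "message": "Access denied for user"},
        {"host": {"name": "mysql-5"}, "log": {"level": "warning"}, "message": "Aborted connection"},
    ],
    "MySQL - Metrics": [
        {"host": {"name": "mysql-8"}, "threads_connected": 41},
        {"host": {"name": "mysql-5"}, "threads_connected": 7},
        {"threads_connected": 3},  # no host.name: fails (+), survives (-)
    ],
}

if __name__ == "__main__":
    for label, q in [("(+) host.name: mysql-8", build_query({"host.name": "mysql-8"}, {})),
                     ("(-) host.name: mysql-8", build_query({}, {"host.name": "mysql-8"}))]:
        counts = {n: len(d) for n, d in apply_to_panels(PANELS, q).items()}
        print(label, counts)
```

A document that lacks the filtered field never satisfies a (+) filter but is kept by a (-) filter, so a panel fed by records without `host.name` can look empty or unchanged after filtering.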
