Is it possible to use timeUnit after a flatten and flod transformation?
In the example below it doesnt work!
If I remove the timeUnit from the x axis it plots, but without the good things that come with the timeUnit.
Thanks
This is an example code that can be executed in the link below
https://vega.github.io/editor/#/edited
{
"$schema": "https://vega.github.io/schema/vega-lite/v4.json",
"description": "Sales in a Year.",
"width": 500,
"height": 200,
"data": {
"values": [
{"timestamp": ["2019-01-01","2019-02-01","2019-03-01","2019-04-01","2019-05-01","2019-06-01",
"2019-07-01","2019-08-01","2019-09-01","2019-10-01","2019-11-01","2019-12-01"],
"cars" : [55, 43, 91, 81, 53, 19, 87, 52, 52, 44, 52, 52],
"bikes" : [12, 6, 2, 0, 0, 0, 0, 0, 0, 3, 9, 15]}
]
},
"transform": [
{"flatten": ["timestamp", "cars", "bikes"]},
{"fold": ["cars", "bikes"]}
],
"mark": {"type":"bar", "tooltip": true, "cornerRadiusEnd": 4},
"encoding": {
"x": {"field": "timestamp",
"timeUnit": "month",
"type": "ordinal",
"title": "",
"axis": {"labelAngle": 0}},
"y": {"field": "value",
"type": "quantitative",
"title": "Soiling Loss"},
"color":{"field": "key",
"type": "nominal"}
}
}
For convenience, strings in input data with a simple temporal encoding are automatically parsed as dates, but such parsing is not applied to data that is the result of a transformation.
In this case, you can do the parsing manually with a calculate transform (view in editor):
{
"$schema": "https://vega.github.io/schema/vega-lite/v4.json",
"description": "Sales in a Year.",
"width": 500,
"height": 200,
"data": {
"values": [
{
"timestamp": [
"2019-01-01",
"2019-02-01",
"2019-03-01",
"2019-04-01",
"2019-05-01",
"2019-06-01",
"2019-07-01",
"2019-08-01",
"2019-09-01",
"2019-10-01",
"2019-11-01",
"2019-12-01"
],
"cars": [55, 43, 91, 81, 53, 19, 87, 52, 52, 44, 52, 52],
"bikes": [12, 6, 2, 0, 0, 0, 0, 0, 0, 3, 9, 15]
}
]
},
"transform": [
{"flatten": ["timestamp", "cars", "bikes"]},
{"fold": ["cars", "bikes"]},
{"calculate": "toDate(datum.timestamp)", "as": "timestamp"}
],
"mark": {"type": "bar", "tooltip": true, "cornerRadiusEnd": 4},
"encoding": {
"x": {
"field": "timestamp",
"timeUnit": "month",
"type": "ordinal",
"title": "",
"axis": {"labelAngle": 0}
},
"y": {"field": "value", "type": "quantitative", "title": "Soiling Loss"},
"color": {"field": "key", "type": "nominal"}
}
}
Related
I have a JSON formatted output as below, how to access and valid the outputs of each node with Assert statement
{
"Type": "Page",
"X": 0,
"Y": 0,
"Width": 696,
"Height": 888,
"Children": [
{
"Type": "Column",
"X": 0,
"Y": 0,
"Width": 696,
"Height": 888,
"Children": [
{
"Type": "Paragraph",
"X": 209,
"Y": 290,
"Width": 248,
"Height": 24,
"Children": [
{
"Type": "Line",
"X": 209,
"Y": 290,
"Width": 248,
"Height": 24,
"Children": [
{
"Type": "Word",
"X": 209,
"Y": 290,
"Width": 49,
"Height": 24,
"Children": [
],
"Content": "Core"
},
{
"Type": "Word",
"X": 263,
"Y": 290,
"Width": 106,
"Height": 24,
"Children": [
],
"Content": "Enterprise"
},
{
"Type": "Word",
"X": 375,
"Y": 290,
"Width": 82,
"Height": 24,
"Children": [
],
"Content": "Installer"
}
],
"Content": null
}
],
"Content": null
},
{
"Type": "Paragraph",
"X": 580,
"Y": 803,
"Width": 79,
"Height": 13,
"Children": [
{
"Type": "Line",
"X": 580,
"Y": 803,
"Width": 79,
"Height": 13,
"Children": [
{
"Type": "Word",
"X": 580,
"Y": 803,
"Width": 46,
"Height": 13,
"Children": [
],
"Content": "Version"
},
{
"Type": "Word",
"X": 629,
"Y": 803,
"Width": 12,
"Height": 13,
"Children": [
],
"Content": "8."
},
{
"Type": "Word",
"X": 640,
"Y": 803,
"Width": 12,
"Height": 13,
"Children": [
],
"Content": "0."
},
{
"Type": "Word",
"X": 651,
"Y": 803,
"Width": 8,
"Height": 13,
"Children": [
],
"Content": "0"
}
],
"Content": null
}
],
"Content": null
}
],
"Content": null
}
],
"Content": null
}
Looking for solutions
Terraform beginner here. I am trying to create some widgets from a nested list. Group will be a "label" widget indicating the group followed by the metric widgets for the canaries related to the group. So the dashboard should look as follows:
Group 1
widget1, widget2 etc.
Group 2
widget3, widget4 etc.
Variable value:
dashboard = [
{
name = "Group-1",
canaries = ["canary1", "canary2", "canary3"]
},
{
name = "Group-2",
canaries = ["canary4", "canary5"]
}
]
Attempt at building json:
locals {
body = [for group in var.dashboard :
#Create text widget for Group name
{
"height": 1,
"width": 24,
"y": 4,
"x": 0,
"type": "text",
"properties": {
"markdown": "\n# > [${group.name}]\n"
}
}
#Attempt to create underlying widgets for group
[for canary in group.canaries :
{
{
"height": 3,
"width": 6,
"y": 5,
"x": 0,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "${canary}", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
}
}
] #TF Doesn't like the inclusion of nested loop here or my syntax is incorrect.
]
}
Resource creation:
resource "aws_cloudwatch_dashboard" "canary_dashboard" {
dashboard_name = "Canary-Dashboard"
dashboard_body = jsonencode({
"widgets": concat(local.body)
})
}
In my creation of body, Terraform complains about Missing close bracket on index, but I have triple checked that I am not missing a bracket or curly brace. How do I dynamically create the dashboard widgets from nested lists?
Edit
Including desired json output below as suggested by Jordan. In the end, there will be n number of groups, each having n number of canaries belonging to said group.
{
"widgets": [
{
"height": 1,
"width": 24,
"y": 4,
"x": 0,
"type": "text",
"properties": {
"markdown": "\n# Group1\n"
}
},
{
"height": 3,
"width": 6,
"y": 5,
"x": 6,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "Group1-Canary", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
},
{
"height": 1,
"width": 24,
"y": 4,
"x": 0,
"type": "text",
"properties": {
"markdown": "\n# Group2\n"
}
},
{
"height": 3,
"width": 6,
"y": 5,
"x": 6,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "Group2-Canary", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
},
]
}
You're trying to do something with list comprehension that Terraform doesn't allow (see where I've marked "HERE"):
locals {
body = [for group in var.dashboard :
#Create text widget for Group name
{
"height": 1,
"width": 24,
"y": 4,
"x": 0,
"type": "text",
"properties": {
"markdown": "\n# > [${group.name}]\n"
}
} <===== HERE
#Attempt to create underlying widgets for group
[for canary in group.canaries :
{
{
"height": 3,
"width": 6,
"y": 5,
"x": 0,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "${canary}", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
}
}
] #TF Doesn't like the inclusion of nested loop here or my syntax is incorrect.
]
}
If TF allowed you to do what you're trying to do, you'd end up with something like:
body = [
{
"height": 1,
"width": 24,
"y": 4,
"x": 0,
"type": "text",
"properties": {
"markdown": "\n# > [${group.name}]\n"
}
},
[
{
{
"height": 3,
"width": 6,
"y": 5,
"x": 0,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "${canary}", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
}
},
{
{
"height": 3,
"width": 6,
"y": 5,
"x": 0,
"type": "metric",
"properties": {
"metrics": [
[ "CloudWatchSynthetics", "Failed", "CanaryName", "${canary}", { "label": "Canary failures count", "region": "us-west-2" } ]
],
"title": "Failed canary runs",
"period": 60,
"region": "us-west-2",
"stat": "Sum",
"view": "singleValue",
"setPeriodToTimeRange": true
}
}
}
]
]
And I doubt that's what you're trying to do. If you can provide a sample of what you'd like the JSON to look like, we can show you how to achieve it.
I have a database of exercises in a workout tracker, and when I do a find(), the result is this:
[
{
"_id": "5e9dacbb6512969974bd5b2d",
"day": "2020-04-10T14:07:55.905Z",
"exercises": [
{
"type": "resistance",
"name": "Bicep Curl",
"duration": 20,
"weight": 100,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b2e",
"day": "2020-04-11T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Lateral Pull",
"duration": 20,
"weight": 300,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b2f",
"day": "2020-04-12T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Push Press",
"duration": 25,
"weight": 185,
"reps": 8,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b30",
"day": "2020-04-13T14:07:55.916Z",
"exercises": [
{
"type": "cardio",
"name": "Running",
"duration": 25,
"distance": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b31",
"day": "2020-04-14T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Bench Press",
"duration": 20,
"weight": 285,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b32",
"day": "2020-04-15T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Bench Press",
"duration": 20,
"weight": 300,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b33",
"day": "2020-04-16T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Quad Press",
"duration": 30,
"weight": 300,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b34",
"day": "2020-04-17T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Bench Press",
"duration": 20,
"weight": 300,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b35",
"day": "2020-04-18T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Military Press",
"duration": 20,
"weight": 300,
"reps": 10,
"sets": 4
}
]
},
{
"_id": "5e9dacbb6512969974bd5b36",
"day": "2020-04-19T14:07:55.916Z",
"exercises": [
{
"type": "resistance",
"name": "Bench",
"duration": 30,
"distance": 2
}
]
}
]
Then I need to get total sums of statistics from each exercise, so I used mongoose aggregate to give me this data:
[
{
"_id": null,
"totalDuration": 230,
"totalWeight": 2070,
"totalSets": 32,
"totalReps": 78,
"totalDistance": 6
}
]
I want to combine these two results in one GET request, ideally doing something similar to a push where I just push the totals at the end of the first JSON object. How do I achieve this?
Something like this:
function mergeResults(resultFromFindQuery, totalSums){
var allData = {};
allData['mongoFindresult'] = resultFromFindQuery;
allData['totalSums'] = totalSums;
return allData;
}
Then use the returned value to what you need to do. Now you have both of them in the same variable.
i have this two arrays of objects:
bookUnitIdInformacoes
[
{
"id": 5,
"book_id": 33,
"unit": 1,
"sequence": 1,
"description": "UNIT_01_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:21",
"updated_at": "2019-12-30 14:54:12",
"miniature": null
},
{
"id": 6,
"book_id": 33,
"unit": 1,
"sequence": 2,
"description": "UNIT_01_VOCABULARY",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:39",
"updated_at": "2019-12-27 08:11:39",
"miniature": null
},
{
"id": 7,
"book_id": 33,
"unit": 2,
"sequence": 1,
"description": "UNIT_02_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:46",
"updated_at": "2019-12-27 08:11:46",
"miniature": null
},
{
"id": 8,
"book_id": 39,
"unit": 1,
"sequence": 1,
"description": "UNIT_01_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-30 11:07:09",
"updated_at": "2019-12-30 15:03:50",
"miniature": null
}
]
and idioma:
[
{
"id": 13,
"code": "ING-NOT-2019",
"description": "Inglês Noturno 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Noturno",
"language": "Inglês",
"status": false,
"user_id": 1,
"created_at": "2019-12-30 10:04:47",
"updated_at": "2020-01-05 16:08:00",
"language_substring": "US"
},
{
"id": 14,
"code": "ESP-MAN-2019",
"description": "Espanhol manhã 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Manhã",
"language": "Espanhol",
"status": false,
"user_id": 1,
"created_at": "2019-12-30 11:06:44",
"updated_at": "2019-12-30 11:06:44",
"language_substring": null
}
]
I'm grouping the bookUnitIdInfomacoes by book_id reducing the array into an object of key => value pairs as book_id => array of books
Then, using [ Object.values ] to retrieve only the values of this groupedObj object.
Lastly, we map idiomas and add the corresponding book group into a new property called quizz . For a given idioma , we know its position in idiomas thanks to the second argument of map : i . We simply do grouped[i] to get the corresponding group of books.
The code:
const groupedObj = bookUnitIdInformacoes.reduce((grouped, info) => {
grouped[info.book_id] = grouped[info.book_id] || [];
grouped[info.book_id].push(info);
return grouped;
}, {});
const grouped = Object.values(groupedObj);
const result = idiomas.map((idioma, i) => ({
...idioma,
quizz: grouped[i]
}));
But when i do a return result i have this:
[
{
"__setters__": [
"$attributes",
"$persisted",
"primaryKeyValue",
"$originalAttributes",
"$relations",
"$sideLoaded",
"$parent",
"$frozen",
"$visible",
"$hidden"
],
"$attributes": {
"id": 2,
"code": "ING-NOT-2019",
"description": "Inglês Noturno 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Noturno",
"language": "Inglês",
"status": false,
"user_id": 1,
"created_at": "2019-12-30T13:04:47.000Z",
"updated_at": "2020-01-05T19:08:00.000Z",
"language_substring": "US"
},
"$persisted": true,
"$originalAttributes": {
"id": 2,
"code": "ING-NOT-2019",
"description": "Inglês Noturno 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Noturno",
"language": "Inglês",
"status": false,
"user_id": 1,
"created_at": "2019-12-30T13:04:47.000Z",
"updated_at": "2020-01-05T19:08:00.000Z",
"language_substring": "US"
},
"$relations": {},
"$sideLoaded": {},
"$parent": null,
"$frozen": false,
"quizz": [
{
"id": 1,
"book_id": 1,
"unit": 1,
"sequence": 1,
"description": "UNIT_01_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:21",
"updated_at": "2019-12-30 14:54:12",
"miniature": null
},
{
"id": 2,
"book_id": 1,
"unit": 1,
"sequence": 2,
"description": "UNIT_01_VOCABULARY",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:39",
"updated_at": "2019-12-27 08:11:39",
"miniature": null
},
{
"id": 3,
"book_id": 1,
"unit": 2,
"sequence": 1,
"description": "UNIT_02_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-27 08:11:46",
"updated_at": "2019-12-27 08:11:46",
"miniature": null
}
]
},
{
"__setters__": [
"$attributes",
"$persisted",
"primaryKeyValue",
"$originalAttributes",
"$relations",
"$sideLoaded",
"$parent",
"$frozen",
"$visible",
"$hidden"
],
"$attributes": {
"id": 3,
"code": "ESP-MAN-2019",
"description": "Espanhol manhã 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Manhã",
"language": "Espanhol",
"status": false,
"user_id": 1,
"created_at": "2019-12-30T14:06:44.000Z",
"updated_at": "2019-12-30T14:06:44.000Z",
"language_substring": null
},
"$persisted": true,
"$originalAttributes": {
"id": 3,
"code": "ESP-MAN-2019",
"description": "Espanhol manhã 2019",
"start_date": "2019-12-30T03:00:00.000Z",
"end_date": "2019-12-31T03:00:00.000Z",
"period": "Manhã",
"language": "Espanhol",
"status": false,
"user_id": 1,
"created_at": "2019-12-30T14:06:44.000Z",
"updated_at": "2019-12-30T14:06:44.000Z",
"language_substring": null
},
"$relations": {},
"$sideLoaded": {},
"$parent": null,
"$frozen": false,
"quizz": [
{
"id": 4,
"book_id": 2,
"unit": 1,
"sequence": 1,
"description": "UNIT_01_GRAMMAR",
"qt_question": 5,
"status": false,
"user_id": 1,
"created_at": "2019-12-30 11:07:09",
"updated_at": "2019-12-30 15:03:50",
"miniature": null
}
]
}
]
How i can deserialize this? JSON.stringify(result) returns the same json.
Try this:
const result = idiomas.map(({ $attributes }, i) => ({
...$attributes,
quizz: grouped[i]
}))
Looks like a simple usecase but for some reason I just can't figure out how to do this, or google a clear example.
Lets say I have a message stored in logstash
message:
"info: 2015-11-28 22:02:19,232:common:INFO:ENV: Production
User:None:Username:None:LOG: publishing to bus "
And I want to search in kibana (version 4) for the phrase:"publishing to bus"
I'll get a set of results
But if I'll search for: "None:LOG: publishing to bus"
Then I get "No results found".
While Obviously this phrase does exists and is returned by the previous search.
So my question is basically - What is going on? What is the correct way to search for a possible long phrase and why does the second example fail.
EDIT:
The stored JSON.
{
"_index": "logz-ngdxrkmolklnvngumaitximbohqwbocg-151206_v1",
"_type": "django_logger",
"_id": "AVF2DPxZZst_8_8_m-se",
"_score": null,
"_source": {
"log": " publishing to bus {'user_id': 8866, 'event_id': 'aibRBPcLxcAzsEVRtFZVU5', 'timestamp': 1449384441, 'quotes': {}, 'rates': {u'EURUSD': Decimal('1.061025'), u'GBPUSD': Decimal('1.494125'), u'EURGBP': Decimal('0.710150')}, 'event': 'AccountInstrumentsUpdated', 'minute': 1449384420}",
"logger": "common",
"log_level": "INFO",
"message": "2015-12-06 06:47:21,298:common:INFO:ENV: Production User:None:Username:None:LOG: publishing to bus {'user_id': 8866, 'event_id': 'aibRBPcLxcAzsEVRtFZVU5', 'timestamp': 1449384441, 'quotes': {}, 'rates': {u'EURUSD': Decimal('1.061025'), u'GBPUSD': Decimal('1.494125'), u'EURGBP': Decimal('0.710150')}, 'event': 'AccountInstrumentsUpdated', 'minute': 1449384420}",
"type": "django_logger",
"tags": [
"celery"
],
"path": "//path/to/logs/out.log",
"environment": "Staging",
"#timestamp": "2015-12-06T06:47:21.298+00:00",
"user_id": "None",
"host": "path.to.host",
"timestamp": "2015-12-06 06:47:21,298",
"username": "None"
},
"fields": {
"#timestamp": [
1449384441298
]
},
"highlight": {
"message": [
"2015-12-06 06:47:21,298:common:INFO:ENV: Staging User:None:Username:None:LOG: #kibana-highlighted-field#publishing#/kibana-highlighted-field# #kibana-highlighted-field#to#/kibana-highlighted-field# #kibana-highlighted-field#bus#/kibana-highlighted-field# {'user_id': **, 'event_id': 'aibRBPcLxcAzsEVRtFZVU5', 'timestamp': 1449384441, 'quotes': {}, 'rates': {u'EURUSD': Decimal('1.061025'), u'GBPUSD': Decimal('1.494125'), u'EURGBP': Decimal('0.710150')}, 'event': 'AccountInstrumentsUpdated', 'minute': 1449384420}"
]
},
"sort": [
1449384441298
]
}
Accodrding to Elasticsearch, it uses standard analyzer as default. The standard analyzer tokenizes the message field as follows:
"2015-12-06 06:47:21,298:common:INFO:ENV: Production
User:None:Username:None:LOG: publishing to bus {'user_id': 8866,
'event_id': 'aibRBPcLxcAzsEVRtFZVU5', 'timestamp': 1449384441,
'quotes': {}, 'rates': {u'EURUSD': Decimal('1.061025'), u'GBPUSD':
Decimal('1.494125'), u'EURGBP': Decimal('0.710150')}, 'event':
'AccountInstrumentsUpdated', 'minute': 1449384420}"
{
"tokens": [
{
"token": "2015",
"start_offset": 0,
"end_offset": 4,
"type": "<NUM>",
"position": 0
},
{
"token": "12",
"start_offset": 5,
"end_offset": 7,
"type": "<NUM>",
"position": 1
},
{
"token": "06",
"start_offset": 8,
"end_offset": 10,
"type": "<NUM>",
"position": 2
},
{
"token": "06",
"start_offset": 11,
"end_offset": 13,
"type": "<NUM>",
"position": 3
},
{
"token": "47",
"start_offset": 14,
"end_offset": 16,
"type": "<NUM>",
"position": 4
},
{
"token": "21,298",
"start_offset": 17,
"end_offset": 23,
"type": "<NUM>",
"position": 5
},
{
"token": "common:info:env",
"start_offset": 24,
"end_offset": 39,
"type": "<ALPHANUM>",
"position": 6
},
{
"token": "production",
"start_offset": 41,
"end_offset": 51,
"type": "<ALPHANUM>",
"position": 7
},
{
"token": "user:none:username:none:log",
"start_offset": 52,
"end_offset": 79,
"type": "<ALPHANUM>",
"position": 8
},
{
"token": "publishing",
"start_offset": 81,
"end_offset": 91,
"type": "<ALPHANUM>",
"position": 9
},
{
"token": "to",
"start_offset": 92,
"end_offset": 94,
"type": "<ALPHANUM>",
"position": 10
},
{
"token": "bus",
"start_offset": 95,
"end_offset": 98,
"type": "<ALPHANUM>",
"position": 11
},
{
"token": "user_id",
"start_offset": 100,
"end_offset": 107,
"type": "<ALPHANUM>",
"position": 12
},
{
"token": "8866",
"start_offset": 109,
"end_offset": 113,
"type": "<NUM>",
"position": 13
},
{
"token": "event_id",
"start_offset": 115,
"end_offset": 123,
"type": "<ALPHANUM>",
"position": 14
},
{
"token": "aibrbpclxcazsevrtfzvu5",
"start_offset": 125,
"end_offset": 147,
"type": "<ALPHANUM>",
"position": 15
},
{
"token": "timestamp",
"start_offset": 149,
"end_offset": 158,
"type": "<ALPHANUM>",
"position": 16
},
{
"token": "1449384441",
"start_offset": 160,
"end_offset": 170,
"type": "<NUM>",
"position": 17
},
{
"token": "quotes",
"start_offset": 172,
"end_offset": 178,
"type": "<ALPHANUM>",
"position": 18
},
{
"token": "rates",
"start_offset": 184,
"end_offset": 189,
"type": "<ALPHANUM>",
"position": 19
},
{
"token": "ueurusd",
"start_offset": 192,
"end_offset": 199,
"type": "<ALPHANUM>",
"position": 20
},
{
"token": "decimal",
"start_offset": 201,
"end_offset": 208,
"type": "<ALPHANUM>",
"position": 21
},
{
"token": "1.061025",
"start_offset": 209,
"end_offset": 217,
"type": "<NUM>",
"position": 22
},
{
"token": "ugbpusd",
"start_offset": 220,
"end_offset": 227,
"type": "<ALPHANUM>",
"position": 23
},
{
"token": "decimal",
"start_offset": 229,
"end_offset": 236,
"type": "<ALPHANUM>",
"position": 24
},
{
"token": "1.494125",
"start_offset": 237,
"end_offset": 245,
"type": "<NUM>",
"position": 25
},
{
"token": "ueurgbp",
"start_offset": 248,
"end_offset": 255,
"type": "<ALPHANUM>",
"position": 26
},
{
"token": "decimal",
"start_offset": 257,
"end_offset": 264,
"type": "<ALPHANUM>",
"position": 27
},
{
"token": "0.710150",
"start_offset": 265,
"end_offset": 273,
"type": "<NUM>",
"position": 28
},
{
"token": "event",
"start_offset": 277,
"end_offset": 282,
"type": "<ALPHANUM>",
"position": 29
},
{
"token": "accountinstrumentsupdated",
"start_offset": 284,
"end_offset": 309,
"type": "<ALPHANUM>",
"position": 30
},
{
"token": "minute",
"start_offset": 311,
"end_offset": 317,
"type": "<ALPHANUM>",
"position": 31
},
{
"token": "1449384420",
"start_offset": 319,
"end_offset": 329,
"type": "<NUM>",
"position": 32
}
]
}
The phrase "Production User:None:Username:None:LOG: publishing to bus "
{
"token": "production",
"start_offset": 41,
"end_offset": 51,
"type": "<ALPHANUM>",
"position": 7
},
{
"token": "user:none:username:none:log",
"start_offset": 52,
"end_offset": 79,
"type": "<ALPHANUM>",
"position": 8
},
{
"token": "publishing",
"start_offset": 81,
"end_offset": 91,
"type": "<ALPHANUM>",
"position": 9
},
{
"token": "to",
"start_offset": 92,
"end_offset": 94,
"type": "<ALPHANUM>",
"position": 10
},
{
"token": "bus",
"start_offset": 95,
"end_offset": 98,
"type": "<ALPHANUM>",
"position": 11
}
So if you search "publishing to bus" the elasticsearch matches the above three token and return the document.
if you search "None:LOG: publishing to bus" "None:LOG:" doesn't match fully so it doesn't return the document.
you can try "User:None:Username:None:LOG: publishing to bus" to get the result.
There are some problems in Kibana with special character as : | and -. When kibana found that kind of character they save in different parts, not in the same field. For that is easy to find publishing to bus or None or log. The solution is that you must indicate to kibana that the field wil not be analyzed.