- Kibana Guide: other versions:
- Introduction
- Get started
- Set Up Kibana
- Discover
- Visualize
- Creating a Visualization
- Saving Visualizations
- Using rolled up data in a visualization
- Line, Area, and Bar charts
- Controls Visualization
- Data Table
- Markdown Widget
- Metric
- Goal and Gauge
- Pie Charts
- Coordinate Maps
- Region Maps
- Timelion
- TSVB
- Tag Clouds
- Heatmap Chart
- Vega Graphs
- Inspecting Visualizations
- Dashboard
- Canvas
- Graph data connections
- Machine learning
- Elastic Maps
- Code
- Infrastructure
- Logs
- APM
- Uptime
- SIEM
- Dev Tools
- Stack Monitoring
- Management
- Reporting from Kibana
- REST API
- Kibana plugins
- Limitations
- Release Highlights
- Breaking Changes
- Release Notes
- Developer guide
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Advanced queries
editAdvanced queries
editWhen querying, you’re simply searching and selecting data from fields in Elasticsearch documents. It may be helpful to view some of your documents in Discover to better understand how APM data is stored in Elasticsearch.
Queries entered into the query bar are also added as parameters to the URL, so it’s easy to share a specific query or view with others.
You can begin to see some of the transaction fields available for filtering:
data:image/s3,"s3://crabby-images/995c2/995c2c921f98d1274fb34fa30f62455935de461d" alt="Example of the Kibana Query bar in APM UI in Kibana"
Example queries
edit-
Exclude response times slower than 2000 ms:
transaction.duration.us > 2000000
-
Filter by response status code:
context.response.status_code >= 400
-
Filter by single user ID:
context.user.id : 12
-
View all transactions for an endpoint, instead of just a sample -
processor.event: "transaction" AND transaction.name: "<TRANSACTION_NAME_HERE>"
Read the Kibana Query Language Enhancements documentation to learn more about the capabilities of the Kibana query language.
On this page
Was this helpful?
Thank you for your feedback.