Need help to create dashboard

Mrig342 — Thu, 05 Aug 2021 15:15:47 GMT

Hi,

I need to create a dashboard panel merging two different search queries. I have below two queries:

index=int_gcg_nam_eventcloud_164167 host="mwgcb-ckbla02U*" source="/logs/confluent/kafkaLogs/server.log" "Broker may not be available" | rex field=_raw "(?ms)]\s(?P<Code>\w+)\s\[" | search Code="WARN" | stats count | eval mwgcb-ckbla02U.nam.nsroot.net=if(count=0, "Running", "Down") | table mwgcb-ckbla02U.nam.nsroot.net

This give me the status of the broker based on the availability of the indicator "Broker may not be available".

index=int_gcg_nam_eventcloud_164167 host="mwgcb-ckbla02U*" source="/logs/confluent/zookeeperLogs/*" "java.net.SocketException: Broken pipe" OR "ZK Down" | rex field=_raw "(?ms)\]\s(?P<Code>\w+)\s" | search Code="WARN" | rex field=_raw "(?ms)\/(?P<IP_Address>(\d+\.){3}\d+)\:\d+" | stats count | eval mwgcb-ckbla02U.nam.nsroot.net=if(count=0, "Running", "Down") | table mwgcb-ckbla02U.nam.nsroot.net

This gives me the status of zookeeper based on the availability of the indicators "java.net.SocketException: Broken pipe" OR "ZK Down".

Now, I want to merge both the search queries such that I can get the status of both broker and zookeeper in a tabular format.

for e.g. for the host mwgcb-ckbla02U.nam.nsroot.net

Broker Down

Zookeeper Running

I tried creating a query as below:

However in any time range where the indicators are not available, it throws output as "No results found" and hence not able to create the dashboard.

Please help to get the output in the desired manner. Thanks..!!

Re: Need help to create dashboard

ITWhisperer — Thu, 05 Aug 2021 15:38:52 GMT

Mrig342 — Fri, 06 Aug 2021 05:36:56 GMT

Thank you ITWhisperer..!!

The query worked fine..