Querying, Filtering, and Visualizing Data
You can interactively explore the data from your data sources using the Metron dashboard. When HCP parses telemetry, it extracts and normalizes different parts of the message into a standard Metron JSON object. Standardizing and normalizing field names and formats allows HCP to search different telemetry messages with a single query. You have access to every document in every index that matches your selected index patterns. The Metron dashboard enables you to submit search queries on the data from your data sources, filter the search results, and view the results in a number of visualizations.
In HCP, if telemetry indexing is enabled, a rotating index is created for every telemetry. By convention, this index is named [telemetry_name]_[timestamp], and telemetry documents indexed into it are called [telemetry_name]_doc. Queries reference the document type of the indexed telemetries.
For more information about exploring and analyzing your data, refer to the Kibana documentation:
Table 3.1. Querying, Filtering, and Visualizing Data
Task | Description | Where to Look |
---|---|---|
Querying your data | You can search and refine the data you receive from your data source by creating a query from the Discover page. You should create and save a query for each data source not provided by HCP. HCP includes queries for the following telemetries: You can also add custom queries for new telemetry types. | |
Filter your query results | You can use the Metron dashboard to filter your query results to further refine the information. The Metron dashboard provides two types of filters: | |
Visualizing your data | You can filter search results to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value. | Visualize |
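
The following sketch is an added example, not code from HCP or Metron. It shows how normalized field names let one query, with a positive and a negative filter, cover documents from two telemetries. The field names (ip_src_addr, ip_dst_addr, protocol), the timestamp suffix format, and all document values are assumptions constructed for illustration; the query body uses the Elasticsearch bool query form and is evaluated locally so that the example runs without a cluster.

```python
def index_pattern(telemetry):
    """Index pattern covering every rotated [telemetry_name]_[timestamp] index."""
    return f"{telemetry}_*"

def doc_type(telemetry):
    """Document type for a telemetry, per the [telemetry_name]_doc convention."""
    return f"{telemetry}_doc"

def build_query(include=None, exclude=None):
    """Bool query: every 'filter' term must match, no 'must_not' term may match."""
    return {"query": {"bool": {
        "filter": [{"term": {f: v}} for f, v in (include or {}).items()],
        "must_not": [{"term": {f: v}} for f, v in (exclude or {}).items()],
    }}}

def matches(doc, query):
    """Evaluate the term clauses against one document (local stand-in for a search)."""
    clauses = query["query"]["bool"]
    def hit(clause):
        return all(doc.get(f) == v for f, v in clause["term"].items())
    positive = all(hit(c) for c in clauses["filter"])
    negative = any(hit(c) for c in clauses["must_not"])
    return positive and not negative

def search(docs, telemetries, query):
    """Return matching documents whose type belongs to the chosen telemetries."""
    types = {doc_type(t) for t in telemetries}
    return [d for d in docs if d["_type"] in types and matches(d, query)]

# Constructed sample documents; index suffixes and field values are made up.
SAMPLE_DOCS = [
    {"_index": "bro_2017.01.01", "_type": "bro_doc",
     "ip_src_addr": "10.0.0.5", "ip_dst_addr": "192.0.2.10", "protocol": "http"},
    {"_index": "snort_2017.01.01", "_type": "snort_doc",
     "ip_src_addr": "10.0.0.5", "ip_dst_addr": "192.0.2.44", "protocol": "tcp"},
    {"_index": "snort_2017.01.01", "_type": "snort_doc",
     "ip_src_addr": "10.0.0.9", "ip_dst_addr": "192.0.2.10", "protocol": "tcp"},
    {"_index": "bro_2017.01.02", "_type": "bro_doc",
     "ip_src_addr": "10.0.0.5", "ip_dst_addr": "192.0.2.10", "protocol": "dns"},
]

if __name__ == "__main__":
    # Positive filter on the source address, negative filter on the protocol.
    q = build_query(include={"ip_src_addr": "10.0.0.5"}, exclude={"protocol": "dns"})
    for d in search(SAMPLE_DOCS, ["bro", "snort"], q):
        print(d["_index"], d["_type"], d["ip_dst_addr"], d["protocol"])
```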