Elasticsearch template variables
Instead of hard-coding details such as server, application, and sensor names in metric queries, you can use variables. Grafana lists these variables in dropdown select boxes at the top of the dashboard to help you change the data displayed in your dashboard. Grafana refers to such variables as template variables.
For an introduction to templating and template variables, refer to the Templating and Add and manage variables documentation.
Choose a variable syntax
The Elasticsearch data source supports two variable syntaxes for use in the Query field:
-
$varname
, such ashostname:$hostname
, which is easy to read and write but doesn’t let you use a variable in the middle of a word. -
[[varname]]
, such ashostname:[[hostname]]
When the Multi-value or Include all value options are enabled, Grafana converts the labels from plain text to a Lucene-compatible condition. For details, see the Multi-value variables documentation.
Use variables in queries
You can use other variables inside the query. This example is used to define a variable named $host
:
{"find": "terms", "field": "hostname", "query": "source:$source"}
This uses another variable named $source
inside the query definition. Whenever you change the value of the $source
variable via the dropdown, Grafana triggers an update of the $host
variable to contain only hostnames filtered by, in this case, the source
document property.
These queries by default return results in term order (which can then be sorted alphabetically or numerically as for any variable). To produce a list of terms sorted by doc count (a top-N values list), add an orderBy
property of “doc_count”. This automatically selects a descending sort.
NOTE: To use an ascending sort (
asc
) with doc_count (a bottom-N list), setorder: "asc"
. However, Elasticsearch discourages this because sorting by ascending doc count can return inaccurate results.
To keep terms in the doc count order, set the variable’s Sort dropdown to Disabled. You can alternatively use other sorting criteria, such as Alphabetical, to re-sort them.
{"find": "terms", "field": "hostname", "orderBy": "doc_count"}
Template variable examples
In the above example, a Lucene query filters documents based on the hostname
property using a variable named $hostname
. The example also uses a variable in the Terms group by field input box, which you can use to quickly change how data is grouped.
To view an example dashboard on Grafana Play, see the Elasticsearch Templated Dashboard.
Create a query
Write the query using a custom JSON string, with the field mapped as a keyword in the Elasticsearch index mapping.
If the query is multi-field with both a text
and keyword
type, use "field":"fieldname.keyword"
(sometimes fieldname.raw
) to specify the keyword field in your query.
Query | Description |
---|---|
|
Returns a list of field names with the index type |
|
Returns a list of values for a keyword using term aggregation. Query will use current dashboard time range as time range query. |
|
Returns a list of values for a keyword field using term aggregation and a specified Lucene query filter. Query will use current dashboard time range as time range for query. |
Queries of terms
have a 500-result limit by default. To set a custom limit, set the size
property in your query.