Track 6 Punch Kibana plugin

Abstract

This track introduces the Punch Kibana plugin. With this plugin, you can access the whole Punch documentation, extract subsets of data, and much more.

Access Punch documentation

Refer to the Punch documentation plugin.

Data extraction

Refer to the Punch data extraction plugin.

Question

How long is an extraction kept within the archiver?

Exercise

Extract the content.event_type, platform.application and ID fields of the platform-logs-* documents for the last 20 minutes.

Once it's done, download the extraction.

Solution

  1. In Kibana, go to the Punch plugin from the left navigation panel.
  2. Click on the Data extraction tile.
  3. In the Origin panel, click on the Index patterns tab and choose the index pattern platform-logs-*.
  4. In the extraction range, click on the Calendar icon, enter Last 20 minutes, and click Apply.
  5. In the Fields to extract panel, check the Extract _id checkbox, and click on the fields content.event_type and platform.application.
  6. In the Destination panel, enter a description, ikq_platform_logs for example.
  7. Click on Execute; the extraction is created and starts running.
  8. At the top of the page, click on Job executions; you should see the extraction with a Running status. Wait a few seconds and click on Refresh until the status turns to Success.
  9. In the Output column, click on Download; an archive should be downloaded.