58 Advanced Features in OpenSearch Dashboards

Neben den grundlegenden Funktionen bietet OpenSearch Dashboards eine Reihe fortgeschrittener Features, die Ihre Analysemöglichkeiten erheblich erweitern. In diesem Kapitel lernen Sie diese Features kennen und wie Sie sie effektiv einsetzen können.

58.1 Drilldowns und Dashboard-Links

58.1.1 Drilldown-Konfiguration

{
  "drilldowns": [
    {
      "name": "Error Details",
      "urlTemplate": "/app/dashboards#/view/error-details-dashboard?_g=(time:(from:'{{date.start}}',to:'{{date.end}}'))&error_id={{error.id}}",
      "conditions": [
        {
          "field": "level",
          "value": "ERROR",
          "operator": "is"
        }
      ]
    }
  ]
}

58.1.2 Dashboard-Links erstellen

PUT _plugins/_dashboards/api/saved_objects/dashboard/main-dashboard
{
  "attributes": {
    "title": "Main Dashboard",
    "links": [
      {
        "title": "Details View",
        "url": "/app/dashboards#/view/details-dashboard",
        "icon": "visualizeApp",
        "conditions": {
          "field": "status",
          "value": "active"
        }
      }
    ]
  }
}

58.2 Canvas-Workpads

58.2.1 Grundlegende Canvas-Elemente

{
  "workpad": {
    "name": "System Overview",
    "width": 1920,
    "height": 1080,
    "page": 1,
    "elements": [
      {
        "type": "metric",
        "position": {
          "left": 0,
          "top": 0,
          "width": 200,
          "height": 100
        },
        "expression": "opensearch index=\"metrics-*\" metric=\"avg:system.cpu.usage\"",
        "display": {
          "font": {
            "size": 24,
            "color": "#000000"
          }
        }
      }
    ]
  }
}

58.2.2 Dynamische Datenintegration

{
  "dataSource": {
    "type": "opensearchDatasource",
    "query": {
      "query": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": "now-15m",
                  "lte": "now"
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "usage_over_time": {
          "date_histogram": {
            "field": "@timestamp",
            "fixed_interval": "1m"
          }
        }
      }
    }
  }
}

58.3 Reporting

58.3.1 Report-Definition erstellen

PUT _plugins/_reporting/definition
{
  "report_params": {
    "report_name": "Daily System Status",
    "report_source": "dashboard",
    "description": "Daily system status report",
    "dashboard_id": "system-overview",
    "report_format": "pdf"
  },
  "trigger": {
    "trigger_type": "schedule",
    "schedule": {
      "period": "1d",
      "interval": 1
    }
  },
  "delivery": {
    "recipients": ["admin@example.com"],
    "channel": "email",
    "condition": {
      "script": "params.hits > 0"
    }
  }
}

58.3.2 Custom Report-Templates

{
  "template": {
    "header": {
      "content": "System Status Report - {{date}}",
      "style": {
        "fontSize": 24,
        "fontWeight": "bold"
      }
    },
    "body": {
      "sections": [
        {
          "title": "Performance Metrics",
          "content": "{{metricsTable}}"
        },
        {
          "title": "Alerts",
          "content": "{{alertsList}}"
        }
      ]
    }
  }
}

58.4 Alerting über Dashboards

58.4.1 Alert-Definition

PUT _plugins/_alerting/monitors/dashboard_monitor
{
  "type": "monitor",
  "name": "Dashboard Alert Monitor",
  "enabled": true,
  "schedule": {
    "period": {
      "interval": 5,
      "unit": "MINUTES"
    }
  },
  "inputs": [
    {
      "search": {
        "indices": ["metrics-*"],
        "query": {
          "bool": {
            "must": [
              {
                "range": {
                  "system.cpu.usage": {
                    "gte": 90
                  }
                }
              }
            ]
          }
        }
      }
    }
  ],
  "triggers": [
    {
      "name": "High CPU Usage",
      "severity": "High",
      "condition": {
        "script": {
          "source": "ctx.results[0].hits.total.value > 0"
        }
      },
      "actions": [
        {
          "name": "Email Alert",
          "destination_id": "email_destination",
          "message_template": {
            "source": "High CPU usage detected: {{ctx.results.0.hits.hits.0._source.system.cpu.usage}}%",
            "lang": "mustache"
          }
        }
      ]
    }
  ]
}

58.4.2 Komplexe Alerting-Szenarien

PUT _plugins/_alerting/monitors/complex_monitor
{
  "type": "monitor",
  "name": "Complex System Monitor",
  "enabled": true,
  "inputs": [
    {
      "search": {
        "indices": ["metrics-*", "logs-*"],
        "query": {
          "bool": {
            "should": [
              {
                "range": {
                  "system.cpu.usage": {
                    "gte": 90
                  }
                }
              },
              {
                "range": {
                  "system.memory.used_percent": {
                    "gte": 85
                  }
                }
              },
              {
                "term": {
                  "log.level": "ERROR"
                }
              }
            ],
            "minimum_should_match": 2
          }
        }
      }
    }
  ],
  "triggers": [
    {
      "name": "System Critical",
      "severity": "Critical",
      "condition": {
        "script": {
          "source": """
            def cpuHigh = false;
            def memoryHigh = false;
            def hasErrors = false;
            
            for (hit in ctx.results[0].hits.hits) {
              if (hit._source.system?.cpu?.usage >= 90) cpuHigh = true;
              if (hit._source.system?.memory?.used_percent >= 85) memoryHigh = true;
              if (hit._source.log?.level == 'ERROR') hasErrors = true;
            }
            
            return (cpuHigh && memoryHigh) || (cpuHigh && hasErrors) || (memoryHigh && hasErrors);
          """
        }
      }
    }
  ]
}

58.5 Advanced Dashboard Customization

58.5.1 Custom CSS und Styling

{
  "dashboard": {
    "style": {
      "background": "#f5f5f5",
      "font-family": "'Helvetica Neue', Arial, sans-serif",
      "custom-css": `
        .dashboard-panel {
          border-radius: 8px;
          box-shadow: 0 2px 4px rgba(0,0,0,0.1);
        }
        .metric-value {
          font-weight: bold;
          color: #2c3e50;
        }
      `
    }
  }
}

58.5.2 Interaktive Filter

{
  "filter_bar": {
    "filters": [
      {
        "meta": {
          "alias": "High Priority",
          "negate": false,
          "disabled": false,
          "type": "phrase",
          "key": "priority",
          "params": {
            "query": "high"
          }
        },
        "query": {
          "match_phrase": {
            "priority": "high"
          }
        }
      }
    ],
    "pinned": true,
    "enabled": true
  }
}

58.6 Best Practices

1. Performance-Optimierung

   • Begrenzen Sie die Anzahl der Visualisierungen pro Dashboard
   • Verwenden Sie effiziente Abfragen
   • Implementieren Sie Caching wo sinnvoll

2. Benutzerfreundlichkeit

   • Konsistentes Layout verwenden
   • Intuitive Navigation implementieren
   • Hilfetexte und Dokumentation bereitstellen

3. Wartbarkeit

   • Dashboard-Konfigurationen versionieren
   • Dokumentation pflegen
   • Regelmäßige Reviews durchführen