Bug 1396268

Summary: [DOCS] Request for Kibana Filter Documentation
Product: OpenShift Container Platform Reporter: Steven Walter <stwalter>
Component: DocumentationAssignee: Vikram Goyal <vigoyal>
Status: CLOSED EOL QA Contact: Vikram Goyal <vigoyal>
Severity: low Docs Contact: Vikram Goyal <vigoyal>
Priority: unspecified    
Version: 3.3.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-10 06:46:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Steven Walter 2016-11-17 19:59:46 UTC 
Document URL: 
https://docs.openshift.com/container-platform/3.3/install_config/aggregate_logging.html

Section Number and Name: 
New Section

Describe the issue: 
Customer would like some examples for syntax for common Kibana searches. For instance:
    What are all the logs for the last hour for a single version of a single application, but across all replicas?
    What are all the logs for the last hour for all versions of a single application, but across all replicas?
    What are all the logs, categorized as error, for the last hour for a single version of a single application, but across all replicas?

They would like to request that examples be added to the logging guide so that cluster administrators and developers can more easily use the kibana console.

Currently I have referred customer to the Kibana 4.5.x documentation at https://www.elastic.co/guide/en/kibana/4.5/index.html but there is no current indication about kibana syntax in the openshift docs themselves