Analyse difference of count parameters

Hi All,

I'm currently reporting user login and logout logs to Elasticsearch. Now I want to get the current logged-in user count.

Document structure is simply as below

{
"userId": "user1",
"eventType": "LOGIN"
...
}

{
"userId": "user2",
"eventType": "LOGIN"
...
}

{
"userId": "user1",
"eventType": "LOGOUT"
...
}

So at a given point of time, the current logged-in user count will be derived from the difference between the record count of eventType=LOGIN and eventType=LOGOUT.

I want to get the count and plot the trend in a line graph. May I know whether it is possible to visualize this kind of count difference as a number and as a line graph? If so, any tips would be really appreciated.

Thanks in advance

You can use TSVB to do this. Recently there was another topic that shows how to use a Bucket Script aggregation in TSVB to have a line chart with calculated values. See: Tsvb - Sort by bucket script's value?

Hi @tsullivan, thank you for your prompt response. I have one more thing to clarify. As I understand from TSVB, we cannot apply two filtering criteria for two aggregations. Unfortunately, in my case the first aggregation (count) should have the filtering criteria eventType: LOGIN and the other aggregation (count) should have the filtering criteria eventType: LOGOUT.

Any thoughts around this?

Thanks in advance.

Hi @Manjula_Piyumal. I seem to remember I had a similar question to yours some time ago. The issue with your approach is: you will get negative user counts when you filter on time and do not start at a time where no user is logged in. If at time n there are m users logged in, but you start your count at time n+1, you start with 0 logged-in users. Every user logging out now, without others logging in, will result in a negative user count.

Hi @Skeeve, yes, you are absolutely correct. I'm experiencing it now. May I know how you approached your problem? One possible solution would be intercepting the logs and doing some pre-processing before sending them to Elasticsearch. I'm trying to avoid that approach and use Elasticsearch directly. I can change the data schema, but as per my log file, I only have the data to derive whether it's a login or logout event and the user id.

Thanks

As usual for me with Kibana: I have no solution :frowning: Sorry.

What I would suggest for your case is to log the current amount of users (if possible). I assume that, at every login and logout, the system itself knows the number of current users.

No worries. Unfortunately, in my case I don't have control over the application, and the application team definitely won't agree to accept any changes. I'm thinking of considering the ability to intercept the logs and keep the state there.

Thanks anyway for your inputs
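An added example (not from anyone in this thread) contrasting the two approaches discussed: the count(LOGIN) minus count(LOGOUT) running sum, which goes negative when the time window starts after some users are already logged in, and the stateful log-interceptor approach that stamps each event with the current logged-in count before it is sent to Elasticsearch. The events, the `@timestamp` field and the `activeUsers` field name are constructed assumptions.

```python
from itertools import accumulate

# Constructed sample events in the thread's document shape; ISO-8601 UTC strings
# sort correctly as plain strings, so no datetime parsing is needed here.
EVENTS = [
    {"@timestamp": "2023-01-01T09:00:00Z", "userId": "user1", "eventType": "LOGIN"},
    {"@timestamp": "2023-01-01T09:05:00Z", "userId": "user2", "eventType": "LOGIN"},
    {"@timestamp": "2023-01-01T09:10:00Z", "userId": "user1", "eventType": "LOGOUT"},
    {"@timestamp": "2023-01-01T09:20:00Z", "userId": "user2", "eventType": "LOGOUT"},
    {"@timestamp": "2023-01-01T09:25:00Z", "userId": "user3", "eventType": "LOGIN"},
]


def net_change_cumulative(events, window_start):
    """The TSVB-style calculation: +1 per LOGIN, -1 per LOGOUT, summed from
    window_start. Returns the running total after each event in the window.
    It is only correct if nobody is logged in at window_start; otherwise the
    LOGOUTs of users who logged in earlier drive the total negative."""
    deltas = [
        1 if e["eventType"] == "LOGIN" else -1
        for e in sorted(events, key=lambda e: e["@timestamp"])
        if e["@timestamp"] >= window_start
    ]
    return list(accumulate(deltas))


def enrich_with_active_count(events):
    """Stateful pre-processing at the log interceptor: keep the set of
    currently logged-in users and stamp every event with its size, so a
    plain 'last value' of activeUsers in Kibana gives the current count.
    A repeated LOGIN or a LOGOUT for an unknown user (a session that began
    before the interceptor started) leaves the count unchanged."""
    active = set()
    enriched = []
    for e in sorted(events, key=lambda e: e["@timestamp"]):
        if e["eventType"] == "LOGIN":
            active.add(e["userId"])
        elif e["eventType"] == "LOGOUT":
            active.discard(e["userId"])
        enriched.append({**e, "activeUsers": len(active)})
    return enriched


def current_active_count(enriched, at):
    """Current logged-in count at time 'at' = activeUsers of the latest
    enriched event at or before that time (0 if there is none)."""
    earlier = [e for e in enriched if e["@timestamp"] <= at]
    return earlier[-1]["activeUsers"] if earlier else 0
```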
