I'm currently trying to visualize max concurrent users from my application. There exists a separate log file for this purpose with the following nomenclature:
Here, the initial two fields are the date & time stamps followed by an integer value for the concurrent users. I'm getting this data from Filebeat and am able to see it in Kibana. However, when attempting to create a visualization, the available metrics (count/average etc.) cannot be used here. Data is received from Logstash with the concurrent user value as a separate field. A filter with this field (exists) is applied on the visualization page.
The idea is to capture the concurrent users value on the Y-axis with an hourly histogram on the X-axis.
Any inputs would be appreciated.
Thanks in advance!
Hey @rohus24 it sounds like you don't have the concurrent users in a separate field in Elasticsearch, is this correct? You'll want to use Logstash or the Elasticsearch Ingest Node to parse the single line of text into separate fields, and then you can create your Kibana Visualizations, etc.
Hi Brandon, thanks for your reply. I do have the concurrent users parsed and stored as a separate field in Elasticsearch via Logstash. What aggregation should I choose when making the visualization? The count aggregation for example shall literally count the instances of the field reported for preparing the graph. I would like to use the literal value denoted by the last column in the logs (e.g. 0 followed by 0 followed by 1 the next minute) for plotting the graph.
@rohus24 Ah, gotcha. As you're probably aware, the Kibana Visualizations are all based off of aggregations against Elasticsearch and not the raw values. I assume the concurrent users field is a snapshot of the number of concurrent users at that specific point in time, and this fluctuates throughout the hour, but you're looking for a single data-point to display to end-users. In this situation, using the Max aggregation of the concurrent users seems to be the closest to what you're looking for.
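Added example, not part of the thread: the hourly bucketing discussed above, computed locally over constructed log lines so that count, average and max can be compared per hour, followed by the matching Elasticsearch request body. The line layout, the field names `@timestamp` and `concurrent_users`, and the Elasticsearch 7+ `calendar_interval` key are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: date, time, concurrent-user count (layout assumed
# from the description in the thread; the original sample is not on the page).
SAMPLE_LINES = [
    "2019-03-04 10:00:00 0",
    "2019-03-04 10:01:00 0",
    "2019-03-04 10:02:00 1",
    "2019-03-04 10:59:00 7",
    "2019-03-04 11:00:00 3",
    "not a metric line",
    "2019-03-04 11:30:00 5",
]

def hourly_stats(lines):
    """Return {hour_start: {"count": n, "max": m, "avg": a}} for parseable lines."""
    buckets = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the three-field layout
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            users = int(parts[2])
        except ValueError:
            continue  # malformed timestamp or non-integer value
        buckets[ts.replace(minute=0, second=0)].append(users)
    return {h: {"count": len(v), "max": max(v), "avg": sum(v) / len(v)}
            for h, v in sorted(buckets.items())}

# Equivalent Elasticsearch request body. Field names are assumptions;
# "calendar_interval" is the Elasticsearch 7+ key (older releases: "interval").
HOURLY_MAX_QUERY = {
    "size": 0,
    "query": {"exists": {"field": "concurrent_users"}},
    "aggs": {"per_hour": {
        "date_histogram": {"field": "@timestamp", "calendar_interval": "1h"},
        "aggs": {"max_users": {"max": {"field": "concurrent_users"}}},
    }},
}

if __name__ == "__main__":
    for hour, stats in hourly_stats(SAMPLE_LINES).items():
        print(hour, stats)
```

The Max aggregation only works on a field mapped as a numeric type; a Logstash grok capture without a type cast such as `:int` is indexed as a string.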