Average number of info logs in a particular time period

sachinbal · August 2, 2018, 7:27am

Hi,

I would like to know whether it is possible to generate a visualization for the average number of info logs in a particular time period. To be more specific I want to find the average number of info logs which are coming to my system from 6 pm to 9 pm from Monday to Sunday. The report which I want is as follows

Time Mon Tue Wed Thu Fri Sat Sun
6 pm - 9 pm 10 2 5 ........

Thanks
Sachin

Bill_McConaghy · August 6, 2018, 2:35pm

So this example query would return the documents between 6 and 9 bucketed by day:

GET logstash-0/_search
{
  "aggs": {
    "by_day": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day",
        "format": "yyyy-MM-dd"
      },
      "aggs": {
        "between6and9": {
          "filter": {
            "script": {
              "script": {
                "source": "int hour = doc['@timestamp'].value.hourOfDay; hour > 17 && hour < 22",
                "lang": "painless"
              }
            }
          }
        }
      }
    }
  }
}

You could save it as a custom query and then create a visualization against it.

sachinbal · August 7, 2018, 6:38am

Hi,
I tried to use this but I am getting the following message.

Also I am not sure as to how do I create a custom query? I have entered the query given above in Discover, add a filter. Is this correct or do I need to enter it somewhere else. Please advise

Thanks
Sachin

system · September 4, 2018, 6:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.