Average number of info logs in a particular time period

Hi,

I would like to know whether it is possible to generate a visualization for the average number of info logs in a particular time period. To be more specific, I want to find the average number of info logs coming into my system from 6 pm to 9 pm, Monday to Sunday. The report I want is as follows:

Time         Mon  Tue  Wed  Thu  Fri  Sat  Sun
6 pm - 9 pm   10    2    5  ........

Thanks
Sachin

So this example query would return the documents between 6 and 9 bucketed by day:

GET logstash-0/_search
{
  "aggs": {
    "by_day": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day",
        "format": "yyyy-MM-dd"
      },
      "aggs": {
        "between6and9": {
          "filter": {
            "script": {
              "script": {
                "source": "int hour = doc['@timestamp'].value.hourOfDay; hour >= 18 && hour < 21",
                "lang": "painless"
              }
            }
          }
        }
      }
    }
  }
}

You could save it as a custom query and then create a visualization against it.
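The following is an added example, not code from the thread above: it re-implements the posted aggregation offline in Python so the bucketing can be checked against known input, and it adds the step the aggregation alone does not give, the per-weekday average. Two points a practitioner would want spelled out: the window is 18 <= hour < 21 (an event at exactly 9 pm is not "between 6 and 9"), and `doc['@timestamp'].value.hourOfDay` is the UTC hour, so local-time windows need an explicit offset. The `level` field name and the sample documents are assumptions made for the example. The `es_request_body()` helper returns the corrected request in the same shape as the posted query; an `aggs` body is a search request, not a query clause, so it goes to `_search` (Dev Tools console, curl), not into a Discover filter.

```python
# Added example (not from the original thread). Re-implements the posted
# date_histogram + Painless hour filter offline and adds the weekday average.
from collections import defaultdict
from datetime import date, datetime, timedelta, timezone, tzinfo

WINDOW_START_HOUR = 18  # 6 pm, inclusive
WINDOW_END_HOUR = 21    # 9 pm, exclusive: 21:00 is not "between 6 and 9"
WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed sample documents in the shape of a Logstash index (not real data).
# "level" is an assumed field name; substitute the one your pipeline emits.
_RAW = [
    ("2018-03-05T17:59:00Z", "INFO"),       # Mon, one minute before the window
    ("2018-03-05T18:05:00Z", "INFO"),       # Mon, counted
    ("2018-03-05T19:30:00Z", "INFO"),
    ("2018-03-05T20:59:00Z", "INFO"),
    ("2018-03-05T21:00:00Z", "INFO"),       # Mon, boundary, not counted
    ("2018-03-05T18:10:00Z", "ERROR"),      # wrong level, not counted
    ("2018-03-06T19:00:00Z", "INFO"),       # Tue
    ("2018-03-06T19:01:00Z", "INFO"),
    ("2018-03-08T20:00:00Z", "INFO"),       # Thu
    ("2018-03-09T18:15:00Z", "INFO"),       # Fri
    ("2018-03-10T19:45:00Z", "INFO"),       # Sat
    ("2018-03-11T20:15:00Z", "INFO"),       # Sun
    ("2018-03-11T20:16:00Z", "INFO"),
    ("2018-03-12T18:30:00Z", "INFO"),       # Mon, week 2
    ("2018-03-14T19:30:00+02:00", "INFO"),  # Wed 19:30 local, but 17:30 UTC
    ("2018-03-15T18:00:00Z", "INFO"),       # Thu
    ("2018-03-15T18:45:00Z", "INFO"),
    ("2018-03-15T20:30:00Z", "INFO"),
    ("2018-03-16T18:15:00Z", "INFO"),       # Fri
    ("2018-03-18T20:15:00Z", "INFO"),       # Sun
    ("2018-03-18T20:16:00Z", "INFO"),
    ("2018-03-18T20:17:00Z", "INFO"),
    ("2018-03-18T20:18:00Z", "INFO"),
]
SAMPLE_LOGS = [{"@timestamp": t, "level": lvl} for t, lvl in _RAW]


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 @timestamp into an aware datetime. Older Pythons'
    fromisoformat() rejects a trailing 'Z', so map it to +00:00 first."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def in_window(ts: datetime, tz: tzinfo = timezone.utc) -> bool:
    """Equivalent of the Painless filter with the bounds made explicit.
    The hour is taken in `tz`; the posted script uses the UTC hour."""
    hour = ts.astimezone(tz).hour
    return WINDOW_START_HOUR <= hour < WINDOW_END_HOUR


def count_per_day(logs, start: date, end: date, level="INFO", tz=timezone.utc):
    """date_histogram(interval=day) + filter equivalent. Every calendar day in
    [start, end] gets a bucket, including days with zero events; dropping empty
    days would bias the averages upward (min_doc_count: 0 in ES terms)."""
    counts = {start + timedelta(days=i): 0 for i in range((end - start).days + 1)}
    for doc in logs:
        if doc.get("level") != level:
            continue
        ts = parse_ts(doc["@timestamp"])
        if in_window(ts, tz):
            day = ts.astimezone(tz).date()
            if day in counts:
                counts[day] += 1
    return counts


def average_per_weekday(logs, start: date, end: date, level="INFO", tz=timezone.utc):
    """The report the asker described: mean per-day count, grouped by weekday."""
    per_day = count_per_day(logs, start, end, level, tz)
    samples = defaultdict(list)
    for day, n in per_day.items():
        samples[WEEKDAYS[day.weekday()]].append(n)
    return {wd: sum(v) / len(v) for wd, v in samples.items()}


def es_request_body():
    """Corrected form of the posted query: same date_histogram + filter shape,
    window bounds fixed, empty buckets kept explicitly (min_doc_count defaults
    to 0 for date_histogram; stated here so the intent is visible)."""
    script = ("int hour = doc['@timestamp'].value.hourOfDay; "
              f"hour >= {WINDOW_START_HOUR} && hour < {WINDOW_END_HOUR}")
    return {
        "size": 0,
        "query": {"match": {"level": "INFO"}},  # assumed field name
        "aggs": {"by_day": {
            "date_histogram": {"field": "@timestamp", "interval": "day",
                               "format": "yyyy-MM-dd", "min_doc_count": 0},
            "aggs": {"between6and9": {"filter": {"script": {"script": {
                "lang": "painless", "source": script}}}}},
        }},
    }


def render_table(averages):
    """Render the Mon..Sun row in the layout from the question."""
    header = "Time         " + " ".join(f"{wd:>5}" for wd in WEEKDAYS)
    row = "6 pm - 9 pm  " + " ".join(f"{averages.get(wd, 0.0):5.1f}" for wd in WEEKDAYS)
    return header + "\n" + row


if __name__ == "__main__":
    avg = average_per_weekday(SAMPLE_LOGS, date(2018, 3, 5), date(2018, 3, 18))
    print(render_table(avg))
```

Running it over the two constructed weeks prints a row with Mon 2.0, Tue 1.0, Wed 0.0, Thu 2.0, Fri 1.0, Sat 0.5, Sun 3.0. The Wednesday event stamped 19:30+02:00 is excluded in UTC; pass `tz=timezone(timedelta(hours=2))` and it lands in the window, which is the same adjustment the Painless script would need if the report is meant in local time.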

Hi,
I tried to use this, but I am getting the following message.

Error: [parsing_exception] no [query] registered for [aggs], with { line=1 & col=145 }
at respond (http://elk.monetago.com/bundles/kibana.bundle.js?v=15629:13:2730)
at checkRespForFailure (http://elk.monetago.com/bundles/kibana.bundle.js?v=15629:13:1959)
at http://elk.monetago.com/bundles/kibana.bundle.js?v=15629:2:341
at processQueue (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:38:23621)
at http://elk.monetago.com/bundles/commons.bundle.js?v=15629:38:23888
at Scope.$eval (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:39:4619)
at Scope.$digest (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:39:2359)
at Scope.$apply (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:39:5037)
at done (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:37:25027)
at completeRequest (http://elk.monetago.com/bundles/commons.bundle.js?v=15629:37:28702)

Also, I am not sure how to create a custom query. I entered the query given above in Discover via "Add a filter". Is this correct, or do I need to enter it somewhere else? Please advise.

Thanks
Sachin
