Can Kibana do this?

I'm new to Elastic and Kibana. I've been tasked with investigating Kibana as a solution for our system uptime reporting. Our Elastic 7 logs state codes for our system (up = 1, down = 2, etc.) every two minutes. For reporting purposes, however, only every 3rd consecutive '2' counts as a true downtime. Is it possible to achieve this using aggregations/queries/KQL, or are these calculations better left for analytics applications in a data warehouse?

I think in most tools the best practice would be to model your data differently to make it easier to analyze.

You could use Elasticsearch transforms to transform your up/down events into an entity-centric index (Transforming data | Elasticsearch Guide [8.3] | Elastic).

There's a great webinar with a practically worked out example that should point you in the right direction https://www.elastic.co/videos/entity-centric-indexing-mark-harwood

Once you have an entity centric index, Kibana would easily be able to visualize it.
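As an added illustration (not code from this thread, the linked webinar, or Elastic), here is the run-length logic that an entity-centric index for this use case would have to materialise, written in Python over constructed sample events rather than as a transform. Everything beyond the thread is an assumption: the field names `system`, `@timestamp` and `code`, the 2-minute sample interval, reading "every 3rd consecutive '2'" as "a run of at least three consecutive 2s is one true downtime", and treating a gap of more than one missed sample as breaking a run.

```python
"""
Per-system (entity-centric) downtime summary from raw up/down status samples.
Added example, not Elasticsearch code. Assumed (not from the thread): event
fields `system`, `@timestamp`, `code`; samples every 2 minutes; a run of at
least 3 consecutive code==2 samples is one true downtime; a gap of more than
one missed sample between two samples breaks a run.
"""
from datetime import datetime, timedelta

SAMPLE_INTERVAL = timedelta(minutes=2)   # assumed reporting cadence
MIN_CONSECUTIVE_DOWN = 3                  # assumed reading of "every 3rd consecutive 2"
DOWN = 2


def parse_ts(value):
    """Parse an ISO-8601 timestamp; a trailing 'Z' is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _close_run(run, episodes, min_run):
    """Record a finished run of DOWN samples if it is long enough to count."""
    if len(run) >= min_run:
        episodes.append({"start": run[0], "end": run[-1], "samples": len(run)})


def downtime_episodes(events, min_run=MIN_CONSECUTIVE_DOWN, interval=SAMPLE_INTERVAL):
    """Return the true-downtime episodes for ONE system's events.

    Events are sorted by timestamp first, so out-of-order ingestion does not
    create or split runs. A gap larger than 2 * interval (more than one missed
    sample) ends the current run, because we cannot know what happened in it.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["@timestamp"]))
    episodes, run, prev_ts = [], [], None
    for e in ordered:
        ts = parse_ts(e["@timestamp"])
        gap_breaks = prev_ts is not None and ts - prev_ts > 2 * interval
        if e["code"] == DOWN and not gap_breaks:
            run.append(ts)
        else:
            _close_run(run, episodes, min_run)
            run = [ts] if e["code"] == DOWN else []   # a DOWN after a gap starts a new run
        prev_ts = ts
    _close_run(run, episodes, min_run)
    return episodes


def entity_summary(events):
    """Group raw samples by system and build one summary document per system.

    This is the shape a transform's destination index would hold: one document
    per entity, updated as new samples arrive, ready to be charted in Kibana.
    """
    by_system = {}
    for e in events:
        by_system.setdefault(e["system"], []).append(e)
    docs = {}
    for system, evs in by_system.items():
        eps = downtime_episodes(evs)
        docs[system] = {
            "system": system,
            "samples": len(evs),
            "true_downtimes": len(eps),
            "down_minutes": sum(ep["samples"] for ep in eps) * SAMPLE_INTERVAL.total_seconds() / 60,
            "episodes": [
                {"start": ep["start"].isoformat(), "end": ep["end"].isoformat(), "samples": ep["samples"]}
                for ep in eps
            ],
        }
    return docs


def _sample(system, minutes, code):
    """Build one constructed event `minutes` after a fixed epoch."""
    ts = datetime(2023, 1, 1, 0, 0) + timedelta(minutes=minutes)
    return {"system": system, "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "code": code}


# Constructed sample data (not real logs). web-1: two short blips of 2 samples
# and one real outage of 4 samples; the 00:04 sample is listed before 00:02 on
# purpose. db-1: a 2-sample blip, then a 10-minute gap, then 3 DOWN samples.
SAMPLE_EVENTS = (
    [_sample("web-1", 0, 1), _sample("web-1", 4, 2), _sample("web-1", 2, 2), _sample("web-1", 6, 1)]
    + [_sample("web-1", m, 2) for m in (8, 10, 12, 14)]
    + [_sample("web-1", 16, 1), _sample("web-1", 18, 2), _sample("web-1", 20, 2)]
    + [_sample("db-1", 0, 1), _sample("db-1", 2, 2), _sample("db-1", 4, 2)]
    + [_sample("db-1", m, 2) for m in (14, 16, 18)]
)

if __name__ == "__main__":
    for doc in entity_summary(SAMPLE_EVENTS).values():
        print(doc)
```

The point of the example is that the per-entity rollup, not the raw two-minute samples, is what gets visualised: once each system carries `true_downtimes`, `down_minutes` and an `episodes` list, an ordinary Kibana bar chart or table over the destination index answers the reporting question, with no run-length logic in KQL. In a transform the same grouping lives in the pivot's `group_by` on the system field, and the consecutive-sample rule would be expressed inside a pivot aggregation rather than in Python.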
