Hi all,
So, I am currently using Kibana 5.2.2 to monitor whether my components are up or down. For that, each component sends a log to elastic search every now and again which includes:
{
"Component": "myComponent",
"Notification": "True",
"NotificationType": "Informational"
}
I've made this visualisation:
Which shows me the components that are up in green and the components that are down in red according to their latest log entry.
Now my issue is that if a component never sends any logs to elasticsearch or if it stops responding after a while, Kibana has no way of detecting that, unless I go in and split the chart using the filters aggregation and specify all component names. I'm fine with doing that, but then the visualisation shows me this:
Filters 2 and 3 represent components that have not sent any logs to elastic search. My issue is that there is just a blank space with the component name beneath (cant see the name in the screenshot) if there are no logs for that component. Instead, I'd like that to display an orange circle, but I have no clue how to do that. I tried writing a script that would sort of display the noLogs entry value if the entry was null or empty
def entry = doc['Entry.keyword'].value;
if(entry == null || entry == "")
{
return "NoLogs";
}
return entry;
But it made no difference. I think there is something wrong with my logic, but I'm well and trully stuck. Or maybe I should use the JSON input (if so, please give me a clue as to how to do that)? Any help would be much appreciated!
