Hi guys,
I am new to kibana and I am having some trouble with a new dashboard.
What I need to create:
A dashboard showing the top 10 data received by user (under a chosen period).
The problem is that I can't do math with my data received and the amount of times that the value repeats. (It is difficult to explain by text, so here is a sample):
You can't put both users and time on the X-Axis. So, you need to decide which you want.
If you really want users on the X-Axis, you'll want to do a terms agg on the X-Axis for your users, and set the size to 10. Then you'll likely want to do a sum of bytes for the metric; this will show you the total sum of bytes for each user, showing the top 10 users by their total byte count.
If you still want the time in the X-Axis, what you could do is split the lines (or bars) using a terms agg on the user, with a size of 10. This will show the total count in each chunk of time, and the top 10 users for each chunk of time.
Your message really helped, I only have 2 questions now:
1 - In your first chart, it counts the bytes based on what period of time?
2 - How did you get a field "Sum of bytes"? As you can see on my chart, the bytes split on the size of each syslog registry (like: received 5000x 1024 bytes, 100x 512 bytes, etc.).
Nope, this is actually correct. What it's showing you is the top 5 users per bucket; that is, per time division. So here, your results are being split on 30 second intervals, so for each of those 30 second chunks, it is returning the top 5, so you end up with a lot more than 5 users total. It's a side effect of how query results work in Elasticsearch. I hope that makes sense.
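A plain-Python model of the two visualisations discussed in this thread, added here as an example (not code from the thread or from Kibana): a terms agg on user with a "Sum of bytes" metric versus a date histogram split by user, run over constructed syslog-style records. Field names `user.keyword` and `bytes` in the query builder are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (timestamp in seconds, user, bytes received).
SAMPLE = [
    (0, "alice", 1024), (5, "bob", 512), (10, "alice", 1024), (20, "carol", 4096),
    (35, "dave", 512), (40, "bob", 512), (50, "erin", 2048), (55, "bob", 512),
]

def top_users_by_bytes(records, size=10):
    """Terms agg on user (size=10) with a sum-of-bytes metric: one value per
    user, summed over the whole selected period, largest first."""
    totals = defaultdict(int)
    for _ts, user, nbytes in records:
        totals[user] += nbytes  # sum the bytes field, not the number of syslog lines
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:size]

def top_users_per_interval(records, interval=30, size=5):
    """Date histogram on the X-axis, series split by a terms agg on user.
    The size limit applies inside each time bucket, so the chart as a whole
    can show more than `size` distinct users (the behaviour described above)."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, user, nbytes in records:
        buckets[ts // interval * interval][user] += nbytes
    return {start: sorted(users.items(), key=lambda kv: (-kv[1], kv[0]))[:size]
            for start, users in sorted(buckets.items())}

def terms_sum_query(user_field="user.keyword", bytes_field="bytes", size=10):
    """Elasticsearch request body equivalent to top_users_by_bytes
    (assumed field names); add a range filter on @timestamp for the period."""
    return {
        "size": 0,
        "aggs": {
            "top_users": {
                "terms": {"field": user_field, "size": size,
                          "order": {"total_bytes": "desc"}},
                "aggs": {"total_bytes": {"sum": {"field": bytes_field}}},
            }
        },
    }

if __name__ == "__main__":
    print(top_users_by_bytes(SAMPLE, size=3))
    print(top_users_per_interval(SAMPLE, interval=30, size=2))
```

With a per-bucket size of 2, the two 30-second buckets together show four distinct users, which is the effect the reply above describes.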