I got through many visualizations until I came across seemingly a very simple one. I am trying various options but I feel it should not be that complicated and I am missing a trick. My ask is simple, I have Request and Response events coming in from log file and I want to show a percentage of Responses to Requests (i.e. Count of Response/Count of Requests x 100).
I added a grok filter, to tag the request and responses messages. First I used the same field name with different values. But with this I couldn't quite even calculate the sum. Then I added an integer field with value 1 for every event so that I can use 'sum'. I am able to sum the values but still not able to calculate percentages. Even the scripted field doesn't help here since it always calculates as 100% (1/1 * 100). Next I am looking at metrics filter and increment the counter through that. I should be able to achieve with this but it got me wondering whether I am making it too complex for my need. Please let me know if I am missing something here. Thanks.
Thank You Stacey for the detailed response. Yes with this I can now show the percentage as a time series. I also wanted to show a simple metric visualization with the latest percentage value as it stands.
Is that possible?
Right now I am displaying the sum, but I really want to show only the percentage.
No problem Stacey.
I don't HAVE TO use Visual Builder. As long as there is some way to perform some basic computation (percentage, min/max etc), it can be through Painless, Lucene whatever option is available. Thanks.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
