Creating a difference list in Kibana

arunpmohan · September 12, 2019, 4:15am

I am shipping the data from, say 10 devices using Filebeat to an index ,say data-devices
Suppose the data format is as below from each device
{
"message": "log message goes here",
"device" : "device-01"
}
Assuming that now data is flowing from every device, when I do an aggregation on the "device" field on the index, I will get the list of all the 10 devices.

But, if two devices goes down (let us say device-04 and device-06 went down, or stopepd shipping logs for some reason),the same aggregation will result in the list containing 8 devices.

What I need here is to show the missing devices list in Kibana, as a table or any thing. How can this be done?

lukas · September 12, 2019, 3:15pm

Hmm, I can't think of a way to accomplish this today, but you can get fairly close.

You could create a "filters" aggregation, and have one filter for each device ("device-04", "device-03", etc.) and then you could sort by the count column. Instead of only seeing devices that aren't sending data, you'll still see all of your devices, but at least you'll know the ones with a count of 0 are the ones that are down.

Topic		Replies	Views
How to show missing data in elasticsearch kibana visualization Kibana	3	1271	February 3, 2021
How to create a master list of devices and compare with the input logs to show in Kibana Kibana	1	424	July 29, 2021
Compare two data set in Kibana and find missing record Kibana	3	508	June 5, 2019
Kibana Query for missing values Kibana	2	1636	January 11, 2017
Looking for data in Kibana Logstash kql-kibana-query-language	6	313	September 20, 2023

Creating a difference list in Kibana

Related topics