I am shipping the data from, say, 10 devices using Filebeat to an index, say data-devices.
Suppose the data format is as below from each device:
{
  "message": "log message goes here",
  "device": "device-01"
}
Assuming that now data is flowing from every device, when I do an aggregation on the "device" field on the index, I will get the list of all the 10 devices.
But if two devices go down (let us say device-04 and device-06 went down, or stopped shipping logs for some reason), the same aggregation will result in the list containing 8 devices.
What I need here is to show the missing devices list in Kibana, as a table or anything. How can this be done?
Hmm, I can't think of a way to accomplish this today, but you can get fairly close.
You could create a "filters" aggregation, and have one filter for each device ("device-04", "device-03", etc.) and then you could sort by the count column. Instead of only seeing devices that aren't sending data, you'll still see all of your devices, but at least you'll know the ones with a count of 0 are the ones that are down.
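The "filters" aggregation suggested in the answer above, written out as an added example that is not from either poster: it builds the search body for the `data-devices` index and picks the zero-count buckets out of the response. The 10-device inventory, the 15-minute window, the keyword mapping of `device`, the aggregation name `per_device` and the sample response are assumptions constructed for illustration.

```python
import json

INDEX = "data-devices"  # index name from the question
# Assumed inventory: the 10 devices that are expected to ship logs.
EXPECTED = [f"device-{n:02d}" for n in range(1, 11)]


def build_request(devices, field="device", window="now-15m"):
    """Search body with one named filter per expected device.

    Assumes `field` is mapped as keyword and that events carry the
    @timestamp field Filebeat adds; the window length is an arbitrary choice.
    """
    return {
        "size": 0,  # only the aggregation is needed, not the hits
        "query": {"range": {"@timestamp": {"gte": window}}},
        "aggs": {
            "per_device": {
                "filters": {
                    # Named filters: every device gets a bucket, even at 0 docs.
                    "filters": {d: {"term": {field: d}} for d in devices}
                }
            }
        },
    }


def silent_devices(response):
    """Return the sorted names of devices whose bucket has doc_count == 0."""
    buckets = response["aggregations"]["per_device"]["buckets"]
    return sorted(name for name, b in buckets.items() if b["doc_count"] == 0)


def sample_response():
    """Constructed response: device-04 and device-06 sent nothing in the window."""
    counts = {d: 120 for d in EXPECTED}
    counts["device-04"] = counts["device-06"] = 0
    buckets = {d: {"doc_count": c} for d, c in counts.items()}
    return {"aggregations": {"per_device": {"buckets": buckets}}}


if __name__ == "__main__":
    print(f"POST /{INDEX}/_search")
    print(json.dumps(build_request(EXPECTED), indent=2))
    print("silent:", silent_devices(sample_response()))
```

The printed body can be sent to the index's `_search` endpoint as is; the list of expected devices has to be maintained outside Elasticsearch, since a device that never reported has no documents to aggregate on.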