Creating Kibana visualization using Kibana Query

eswarloges · June 25, 2018, 11:48am

Hi Team,

I have created an index with information like userid, name, loglevel (ERROR,WARN,DEBUG), logtime and the logmessage.

I wanted to know which user has got the maximum error count. I am able to create the kibana query.

GET testmetrics/_search
{
"size": 0,
"query": {
"match": {
"level": "ERROR"
}
},"aggs": {
"useraggs": {
"terms": {
"field": "user.keyword",
"order": {
"_count": "desc"
},"size": 1
}
}
}
}

How do I achieve the same in Visualization in Kibana.

Thanks
Loki

Suhas_K · June 25, 2018, 12:15pm

Hey @eswarloges,

You can achieve it using Data Table visualisation. Choose Count from the Metrics section and in Buckets select Split Rows -> Terms (in Aggregation). Next select the user as the field and select the other options as required. Finally add a filter(use the + Add a filter option just below the search box) with the field as Level and value as ERROR. Apply the changes to generate the data table.

Regards

eswarloges · June 25, 2018, 1:19pm

I want to display the metric only for the user with highest ERROR.

This is what I did.

In kibana visualization

In Metrics I have chosen Count
in Buckets I have chosen Terms aggregation ,field as user.keyword , Order By metric.count and Order by Descending
In filter I have chosen level.keyword as ERROR

I am getting 3 metrics as a result

But I want to display only the user with maximum value ie User1

Thanks,
Loki

Red_Thomas · June 25, 2018, 2:01pm

There's a size option in the query. If you set it to "1," does that give you what you're looking for?

eswarloges · June 26, 2018, 5:02am

It worked. Thanks all

system · July 24, 2018, 5:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.