Creating visualization with the single logline message

We have one use case for creating a visualization.

We have the below fields in one log message:

requestedMsgCount 2500
allowedMsgCount 2400

startedMsgCount 2400
lostMsgCount 10
terminatedMsgCount 100

Now I want to create a visualization on the above fields in the below manner:

  1. The visualization shows the data only for the new logline (single message). Is it possible to create this with the new logline?
  2. There should be a bar graph which shows the requestedMsgCount and allowedMsgCount in a single bar (rejected rate), showing the total messages (2500) and the difference between requestedMsgCount and allowedMsgCount (2500-2400=100). Same for the other fields.

Please refer to the diagram for more: blue represents requestedMsgCount and red represents rejected (requestedMsgCount - allowedMsgCount). So out of 2500, 100 messages are rejected.

Could someone please help us in creating the above visualization?

Any update?

What is the index setting? "log message" means one document?
If so, it is difficult to visualize data from a single document.
Kibana visualization is almost specialized in aggregating multiple documents.

If you have one document per one message and you can count them by aggregation query, the visualization might be easy.

Thanks for the reply @Tomo_M
"log message" means one document: yes.
The sample message looks like this:

2023-03-03 14:49:26.312 [INFO] - {"logtype":"Test","operation":"TestStatus","startedMsgCount":18,"allowedMsgCount":18,"requestedMsgCount":19,"lostMsgCount":0,"terminatedMsgCount":0,"totalLostMsgCount":271,"totalTerminatedMsgCount":991,"totalLostCeiling":3000,"totalTerminatedCeiling":15000}

This message is generated at regular intervals, e.g. every 2 min some messages are generated. So we want to create the visualization on the latest logline only.
The attached diagram represents only a single message. I have tried some scenarios but I can only find the aggregation terms in the visualization, nothing related to individual message counts. The drawback is that if I change the time it will affect the complete visualization.

What is the index setting?: What exactly can I provide? We are parsing the above logs and storing the fields individually.

Could you please help us with the use case? Please let me know if any information is required from my side.

One option is using Vega. If you want to use Lens, you have to store messages themselves as documents and aggregate them by Elasticsearch and Kibana.
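
The Vega option mentioned above, as an added example that is not part of the original thread: a Vega-Lite spec for Kibana's Vega editor that fetches only the newest document and stacks allowed (blue) and rejected (red) into one bar. The index pattern `my-log-index-*` is a placeholder and the `@timestamp` sort field is an assumption; the count field names come from the sample log line.

```hjson
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "title": "Rejected rate (latest log line)",
  "data": {
    "url": {
      // Placeholder index pattern: replace with the index holding the parsed log lines.
      "index": "my-log-index-*",
      // %context% and %timefield% are deliberately omitted, so the
      // dashboard time picker does not filter this query.
      "body": {
        "size": 1,
        // Assumption: each document carries an @timestamp date field.
        "sort": [{"@timestamp": {"order": "desc"}}],
        "_source": ["requestedMsgCount", "allowedMsgCount"]
      }
    },
    // Use the array of hits as the data rows (one row here, because size is 1).
    "format": {"property": "hits.hits"}
  },
  "transform": [
    // Constant label so both segments land on the same bar.
    {"calculate": "'requestedMsgCount'", "as": "bar"},
    {"calculate": "datum._source.allowedMsgCount", "as": "allowed"},
    {"calculate": "datum._source.requestedMsgCount - datum._source.allowedMsgCount", "as": "rejected"},
    // Turn the two columns into two rows so they can be stacked by colour.
    {"fold": ["allowed", "rejected"], "as": ["segment", "count"]}
  ],
  "mark": "bar",
  "encoding": {
    "x": {"field": "bar", "type": "nominal", "title": null},
    // Segments stack, so the bar height equals requestedMsgCount.
    "y": {"field": "count", "type": "quantitative", "title": "messages"},
    "color": {
      "field": "segment",
      "type": "nominal",
      "scale": {"domain": ["allowed", "rejected"], "range": ["blue", "red"]}
    }
  }
}
```

For the sample line in the thread (requestedMsgCount 19, allowedMsgCount 18) this draws a bar of height 19 with a rejected segment of 1.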

Hi @prashant1,
I have to apologize for my previous wrong information.

I found a way to (partially) implement your requirements.

Use "Bar vertical stacked" and set "Last value of" for the vertical axis.
Then you can create a vertical stacked bar chart for the values in the latest document.

The problem (in my environment) is that even if you use "Layers", the values are stacked in the same bar. There could be some method but I could not find it. One workaround might be to create two Lens visualisations side by side.

Thanks for the information @Tomo_M
I will try this and let you know.
