Display count of tomcat down -metric visualization

PRASHANT_MEHTA · March 11, 2022, 4:03pm

Trying to create a visulization in kibana that should only display no of tomcat which are down.
I guess I'm using wrong aggregation and not getting exactly wht can help out here.
'''''''''''''''''
logs:
Filelds:
1)tomcat.host_name:kpti001,kpti002..etc
2)tomcat.server_status : "UP" or "Down" Value
'''''''''''''''''''
Issue: when tomcat goes down the count shows correct and updates on visualization,ex 2 tomcat down--metric shows "2",but when server is up it takes 15 min to show current status of UP.
The timefilter is 15 min,but refresh is set 10 s,still not getting how come its updating the value after 15 min,though in discover index the status comes up immediately as "UP".I guess the Unique count and count aggregation are causing it but wht could solve this,any diff aggregation?

Thanks,
Prashant

nickpeihl · March 14, 2022, 1:01pm

Hi @PRASHANT_MEHTA. I believe you only want to check the latest status of the Tomcat server. So you might try settings your Metrics to Top Hit on the @timestamp field.

PRASHANT_MEHTA · March 14, 2022, 2:07pm

hello @nickpeihl ,thanks for looking into this,I want the total count of tomcat that are down.
Ex:Server 1-Tomcat1,Server 2-Tomcat 2...Server n Tomcat n,Now suppose out of active 25 tomcat,5 tomcat goes down so I want 5 to be displayed real time i.e current status.I did tried the Top hit earlier but it didn't worked.Just want the count of host that are presently down.This is something admin will check for real time to check the status.Any suggestion would be helpful.
Sample Logs Image:
tomcat.server_status: "UP" or "Down"
tomcat.tomcat.host_name:td06app1001,td02app1002,td03app1003...
Kibana 7.9.1

nickpeihl · March 14, 2022, 2:30pm

Hi again @PRASHANT_MEHTA. I believe you need to have a terms query for the top hit (on @timestamp) for each server then count the results. You might want to use the advanced features of TSVB for that.

PRASHANT_MEHTA · March 14, 2022, 3:45pm

@nickpeihl Thanx for your quick response!! ,I achieved the desired result.Many Thanx.

system · April 11, 2022, 3:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.