I have an index in Elasticsearch that stores messages from firewall logs. In one of the fields I have the name of the matching rule for each session, and some of them are deny rules.
I'm trying to create a goal or gauge visualization to show the total count of the hits with the deny rule compared with the total count of the hits for all rules. Is there any way to make the range in the goal or gauge visualization dynamic?
The maximum value would be the total hit count and the bar in the goal or gauge would be the hit count for a query based on the rule field in my index.
I tried to replicate your issue using a gauge visualization, but I think a pie chart works best for your use case.
You could also turn on auto-refresh.
Here you can see, in the pie chart, you could use the Filter Aggregation to map it to your requirements of allow and deny rules. For Filter 1, I have used the ports which allow 5601, and for Filter 2, I have used those which do not allow port 5601. So the pie chart maps it accordingly. Hope this helps. If not, do let us know.
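
The deny-versus-all-rules count from this thread, expressed as an Elasticsearch `filters` aggregation and computed from its response; this is an added example, not code posted by anyone in the thread. The field name `rule_name`, the deny rule names and the sample response are assumptions constructed for illustration, and the field is assumed to be mapped as `keyword`.

```python
import json

# Assumed names (not from the thread): the field holding the rule name and
# the rule names that count as deny rules.
RULE_FIELD = "rule_name"
DENY_RULES = ["deny-all", "block-inbound-telnet"]


def build_deny_query(rule_field=RULE_FIELD, deny_rules=DENY_RULES):
    """Request body for _search: one bucket for deny rules, one for the rest."""
    return {
        "size": 0,  # only the aggregation counts are needed, not the documents
        "aggs": {
            "rules": {
                "filters": {
                    "filters": {"deny": {"terms": {rule_field: deny_rules}}},
                    # Everything that matched no deny rule lands in this bucket,
                    # so deny + other is the total and does not rely on
                    # hits.total, which is capped at 10,000 by default.
                    "other_bucket_key": "other",
                }
            }
        },
    }


def deny_share(response):
    """Return (deny_count, total_count, deny_fraction) from a _search response."""
    buckets = response["aggregations"]["rules"]["buckets"]
    deny = buckets["deny"]["doc_count"]
    total = deny + buckets["other"]["doc_count"]
    # An empty time range gives total == 0; report 0.0 instead of dividing by zero.
    return deny, total, (deny / total if total else 0.0)


# Constructed response in the shape Elasticsearch returns for the query above.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 5000, "relation": "eq"}, "hits": []},
    "aggregations": {
        "rules": {"buckets": {"deny": {"doc_count": 1250},
                              "other": {"doc_count": 3750}}}
    },
}

if __name__ == "__main__":
    print(json.dumps(build_deny_query(), indent=2))
    print(deny_share(SAMPLE_RESPONSE))
```

The two bucket counts map directly onto the two pie slices described in the answer, and the returned fraction is the value a gauge with a fixed 0 to 1 range would display.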