Escalation of events logs

rweeber · February 26, 2019, 8:55pm

Hello Elastic community,
I've been struggling to find a way to identify what I like to call "escalations" in my dataset using the Kibana visualizations.

Basically I have event logs from several machines in our infrastructure that contain a field called "severity" with 5 different values/categories ["Normal", "Minor", "Warning", "Major", "Critical"].
What I want to do is create a visualization that easily identifies machines that have "escalating" severities over time.

I have attached a rudimentary picture as to what I imagine it could look like but I am open to other approaches as well.

In the picture you can see that Computer 3 and Computer 5 have this "escalation" I'm talking about where over time their log entries starting to increase in severity.

stiltz · February 27, 2019, 2:29am

I think what you show in your drawing is possible, however based on your description I don't think that drawing captures what you are actually looking for? Based on your description I would think Computer X could have counts of multiple severities each month so a single data point for each month wouldn't tell the whole story. Correct?

If so then a multi-line chart may not be the best option for what you are trying to show.

Topic		Replies	Views
Visualization to show Timeline events Kibana	6	3183	August 17, 2019
Kibana Calculate increase of Metric value Kibana	2	452	August 27, 2020
Log visualizing in kibana Kibana	8	921	April 26, 2017
Kibana adding logic to show data Kibana	3	404	September 8, 2018
Visualizing related data automatically Kibana	2	297	November 19, 2019

Escalation of events logs

Related topics