Heatmap 24h - 7d

axi92 · July 23, 2018, 2:14pm

I can't get my heatmap to work.
Days of Week at the X-Axis. (7 colums)
Hours of the day at the Y-Axis (24)

Metrics: I use Count, because I want to count how many occurrences are in one hour.
It looks like this at the moment:

But I want something like that:
https://discuss.elastic.co/uploads/short-url/51Qvc5AhgKGsvvqZC0RT4Rc19cR.png

That is my mapping:
{
"properties": {
"IP": {
"type": "ip",
"store": true
},
"address": {
"type": "keyword",
"store": true
},
"addressType": {
"type": "keyword",
"store": true
},
"channel": {
"type": "short",
"store": true
},
"date": {
"type": "date",
"format": "epoch_millis"
},
"location": {
"type": "keyword",
"store": true
},
"rssi": {
"type": "short",
"store": true
},
"ssid": {
"type": "keyword",
"store": true
},
"type": {
"type": "keyword",
"store": true
}
}
}

lukas · July 24, 2018, 10:48pm

You're going to want to create two scripted fields: One for hour_of_day with a script of doc['@timestamp'].value.hourOfDay, and another for day_of_week with a script of doc['@timestamp'].value.dayOfWeek.

Once you've created these, you can use them in visualizations, and you'll want to do a heatmap visualization and select a histogram of day_of_week with interval of one for x-axis, and a histogram of hour_of_day with interval of one for the y-axis.

Hope that helps!

warkolm · July 25, 2018, 12:01am

For a more effective option, you can also extra the hour and day into their own fields in the document and then run an agg directly. Scripts are great for adhoc stuff, but you really want to have their own fields in the long run.

system · August 22, 2018, 12:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.