Help Creating a Visualization

CommanderTso · February 7, 2020, 9:16pm

Hi folks,

I'm working my way through learning Kibana, but was hoping someone could give me a leg-up on a visualization I've been asked to create in the short term.

I have an index of filebeat documents harvested from /var/log/messages on a Lustre storage system. For the records in there that I want to visualize, each will have a value for error.type and error.additional_occurances. The second field there represents the number of additional identical messages that Lustre squashed down.

I'd like to create a visualization that will show, overtime, the occurrances of each error.type and augment its magnitude on the visualization by the number of error.additional_occurances. For example, if I had, say an error of type "bulk READ error" with an additional_occurances of 400, the magnitude for that error at that point in time would be 400 (see note at bottom).

I'm open to bucketing this stuff however is helpful, and open to building it with Timeline, Visual Builder - whatever works. Any pointers you folks might have for me would be very welcome.

Thanks!

Note: To be exact, it would be 401 (the record itself plus the additional_occurances), but I don't need to get hung up on that.

CommanderTso · February 7, 2020, 9:30pm

Playing with it more, I tried:

.es(index=filebeat-storage*,split=error.type:10, metric=sum:error.additional_occurances)

My concern here is that I'm pretty sure I'm dropping events that don't have a value for additional_occurances, which won't be present if my grok parser didn't find any corresponding value in the log entry.

flash1293 · February 11, 2020, 11:51am

Hi @CommanderTso,

that looks pretty good already. You can add a static value of one (the implicit original error that didn't get squashed) to each value like this:

.es(index=filebeat-storage*,split=error.type:10, metric=sum:error.additional_occurances).add(.static(1))

This should make sure you are not dropping empty buckets

CommanderTso · February 11, 2020, 2:15pm

Awesome - thanks! I'm also working through the Kibana on-demand course, and the introduction of aggregations fills a big hole in my understanding of how the Visualizations can work.

system · March 10, 2020, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Visualization of errors aggregated by exception name and stack trace Kibana	3	1102	February 28, 2022
Daily Average Count visualization help Kibana	3	8988	January 11, 2019
Kibana visualization and dashboard Kibana	4	264	July 30, 2018
Need advice Kibana	3	515	June 8, 2017
Anyone, Help me about vizualization with my log pattern! Kibana	4	269	December 17, 2020

Help Creating a Visualization

Related topics