Is it possible to configure a table that reports either # of events received or just the presence of the agent on the host?
Host AuditBeat FileBeat MetricBeat PacketBeat WinLogbeat
Host 1
Host 2
Host 3Since each beat type writes to a different index, not sure how to get a single chart that does what you are looking for. Per beat, you could do a terms aggregation on host for x axis and count aggregation for y and that would display all the hosts you were getting beat data from for that type. It would not show you hosts that had not reported any data as there aren't documents from those hosts in the index. Hope this helps.
You may actually be able to do it through a table visualisation created through time-series visual builder.
Under Panel Options, set Index Pattern to *beat-* to catch all Beats related indices.
Under Columns, select beat.hostname as the Group By Field.
Then create a column for each type of beat you have deployed. Select a Count aggregation and under Option you then add an appropriate filter, e.g. beat.name: filebeat.
This may need a bit of tweaking, but might actually work.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.