I have a few devices that periodically send data to Elasticsearch. If the devices send data that indicates them as offline, I have an elapsed_filter that waits until it sends data indicating it is online again. I end up with a document that has the fields "last_online", "time_offline", "current_time".
My question: Is there a way to visualize this data in such a way I can see the time when the device is offline until it is online again? Currently it seems I can only do this if there are multiple documents, otherwise I can only get 1 point of time on the graph.
Hello, you could add a very simple scripted field to the documents that your devices send to ES, something like return 1 which would mean it's ON.
Then add a date histogram with a line chart or area chart, with an avg metric or something similar on that scripted field, and then split the chart based on device name if you want to see all of them on the same visualization.
This way you would have a chart that shows 1 if it's on and 0 if it's off in that interval.
If you want to display just the duration on a chart, that is a different thing, but I'll let you answer before I go into that as well.
Thank you for your reply. I should have mentioned that I have a field on all the documents describing if they're online or offline.
My goal is to have a chart that has the X-axis as time, and Y-axis, as you say, 1 or 0 to represent online or offline.
The documents for each device come in at set intervals to describe if it's online or offline. So how could I write this script for the chart so that every time the "content" field reads online the line on the chart is at 1, and every time the "content" field reads offline the line on the chart is at 0? I am not at all familiar with Painless or Groovy, though I see them come up quite a bit.
I would like to use a line chart or area chart as you say.
Ah, if you already have a document that describes it as online/offline, you could assign a value in a scripted field to each and then chart that value.
For example, if you have a status field that could contain online or offline you can do something like this:
if (doc['status'].value == 'offline') return 0;
return 1;
After using this method I decided to use a mutate filter in Logstash to add an integer status field to reflect the online status. Though I wouldn't have come to this solution without your help.