How to find difference in ingested logs using Kibana visualization?

rajdevworks · April 20, 2020, 11:24pm

I have a continuous stream of logs being ingested in ELK stack and created visualizations in Kibana view for monitoring purposes. The logs are ingested from an server application which receives HTTP requests from client.

One of the new monitoring requirement is to find out requests failed at time T1 is succeeded at time T2 or not. In the logs, we have timestamp, request ID and request status.

Example:

Failure request log

{
  "time_start": "10/Apr/2020:16:36:05 +0000",
  "status": 500,
  "request_id": "7974457c",
  "object_name": "fileA.txt",
}

Success request log

{
  "time_start": "10/Apr/2020:16:56:59 +0000",
  "status": 200,
  "request_id": "3e35bd25",
}

As seen here, there was a retry for the same object 20 minutes later. Using Kibana visualization I want to know if there was an object retry from client performed or not. As seen in the below table, column A have failed object names, while column B have succeeded object names. File4 and File8 object were not retried by the client.

Using Kibana, how can I find out such difference?
Right now I'm using a script that queries the data node using the index.
Can it be achieved using a plugin?

wylie · April 22, 2020, 7:07pm

Because you are doing matching across multiple documents, which is a type of join, you need to do some custom scripting. It could be done in a Kibana plugin because you can make multiple requests and join the results.

rajdevworks · April 22, 2020, 8:15pm

That gives us a confidence to start looking at the Kibana plugins.
As per my understanding, here could be the flow for me - develop Kibana plugin, deploy, and use it to visualize the data I want.

Correct me if I'm wrong or bless me.

Thank you.

wylie · April 22, 2020, 8:58pm

The only other option that might exist for you is to build a custom Vega visualization: this is not easy to do, but theoretically possible.

rajdevworks · April 22, 2020, 10:06pm

Wylie, I'm still a noob in ELK ecosystem, but can you tell me which one is easy and feasible solution to my question? - Kibana plugin or vega visualization?

wylie · April 22, 2020, 10:13pm

I don't think the thing you are trying to do will be easy with either approach. You will need to decide whether you want to learn how to use Vega or learn the Kibana plugin system.

rajdevworks · April 24, 2020, 4:03am

Wylie, are there any examples to look at that might help me?

Topic		Replies	Views
Need help to build visualisation in kibana Kibana	4	309	October 16, 2019
Need assistance with visualizing multiple queries in Kibana Elasticsearch	1	430	February 4, 2020
Show the difference between aggregated records for two filters in visualization Kibana visualisation	4	59	September 3, 2024
Want to show retried and failed counts separately in visulization Elasticsearch elastic-stack-monitoring	2	121	May 3, 2024
Find the unique transactions between passed and failed logs Kibana	2	376	December 31, 2020

How to find difference in ingested logs using Kibana visualization?

Related topics