Hello,
I need to graph the top 10 URI response over time with duration > 5s.
I managed to graph the top 10 URI reponse over time but I don't know how to add the condition duration >5s.
I am absolutely not sure about this, but try on your bucket to click on advanced and try as JSON input:
{"script": "if (doc['your_duration'].value > 5) {_value} else {0} "}
This works quite fine on a sum aggregation, but on a term/count, I'm not sure
Anyway, It will propably not work well (I'm just beggining to undertand how this input works), but try investigating on JSON input until someone replies correctly to you
Thank you, it's a good idea. I tried but I get this error :
{"type":"index_out_of_bounds_exception","reason":"index_out_of_bounds_exception: null"}}},"status":500}
Do someone have another suggestion?
Thank you
Not really.
I might have a fix, but it's truly horrible.
In logstash, made these logs have a field like: count_response and set it to 1 (integer).
Then, on your y-axis, use sum on this new field instead of count, and on y-axis again, use the JSON input:
{"script": "if (doc['your_duration'].value > 5) {1} else {0}"}
It will work I think. But it's kinda clunky. Use it as a temporary fix if you want, but keep searching for a better way to achieve this
(btw, got same error as you if I try this on my bucket and not on my metric (y-axis))
Ok Thank you Nico.
I'm trying to find a solution without logstash....
Oh wait a minute...
Did you try, instead of linking the graph to your index, to link it to a kibana search?
No, I didn't try and I don't know how to do it
Ok then.
Go to discover, on search bar, type: (supposing 'duration' is the field you want to test and is type Number):
Type: duration:>=5 (or 5000 if in ms, etc.)
Normally, on discover, you shall now only have the fields you want to display (maybe add conditions to you search if there is other logs).
Now save it (top right corner).
Then, go to visualization, select vertical bar chart, and now, instead of choosing your index as your source, choose your new saved search. And done.
For further info on how queries works with Kibana/ES:
Yes, I see what you mean but with this method I'll just display the duration:>5. However, I need top 10 URI response over time with duration > 5s.....
You mean that you want the top 10 URI (independant of their duration) and then only display those with duration > 5s?
I need the top 10 URI dependant on their duration (duration :>5s) 
then how the search filter won't work?
It is only a filter, you get all the document (that means all their fields) that match the condition provided
You just use these as a source data, then your graph will be the same (config-wise) as your 1st one
Yes I already tried a filter : duration:[0 TO *] . I tested with duration equal to 0s to find all documents where number is greater or equal to 0. But nothing was displayed.
Was not the intended place to write the filter... I recap again
Go to Discover tab.
On Search Bar, type: name_of_your_duration_field:>=5if the field is in second
Still on discover page, click on save, choose a name and save.
Go to Visualize tab
Create a new Vertical Bar chart vizualisation
Now, instead of logstash-* (I presume) as a source, choose your freshly saved search.
Now, re-setup your graph (like in your 1st post) and it shall be ok.
I understand what you said before but my Elasticsearch is customized as a TSDB so my field duration is not indexed so she is not searchable.
I get nothing when I type duration:>5 on the search Bar that's why i was looking for a different way.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.