How to show missing data in elasticsearch kibana visualization

abhinav3 · January 6, 2021, 11:56am

I have few devices which are uploading below json data to elasticsearch.

{
  "_index": "logs",
  "_type": "_doc",
  "_id": "122",
  "_version": 7,
  "_score": null,
  "_source": {
    "Data": {
      "FacTotal": 62701268992,
      "FacFree": 56609468416,
      "FacStatus": "Normal",
      "Version": "2.0",
      "Ip": "192.168.0.106"
    },
    "Created": "2021-01-04T14:13:48.245760",
    "Device": "T1"
    "Customer": "demo1"
    
  },
  "fields": {
    "Data.UpTime": [
      "2021-01-04T14:10:05.000Z"
    ],
    "Created": [
      "2021-01-04T14:13:48.245Z"
    ]
  },
  "sort": [
    1609769628245
  ]
}

In above data, I have customer and device . I have 3 customers and each has multiple devices. They are uploading the json logs to elasticsearch which I have been able to visualize on data table on kibana.

But lets say if any one of the device from any customer goes offline, it will stop sending data. Is there any way we can get this offline device which is not uploading data so that we know the list of devices which are currently offline.

I have the list of total device across all customer but not sure how to check for offline device. Please help. Thanks

wylie · January 6, 2021, 4:04pm

You need to convert your data to be entity-centric instead of time-based. This can be done using the transforms feature, or by changing the way you index data in Elasticsearch.

Andrew_Cholakian1 · January 6, 2021, 4:22pm

I've moved this to the Kibana topic from Uptime, since it's more appropriate there

system · February 3, 2021, 4:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.