How to use kibana search and use aggregation

Hello,

I am learning Lucene and Elasticsearch DSL.

I am using Winlogbeat and querying over field "log.level".
How to use aggregation "Count" and group the data by host so I know the count for a specific host.

Without using Visualization, I am fetching the count of events for 6 hours, see below:

log.level: error

I get the following results:
Count 27
But there are multiple servers/hosts. How can I get the following output?
Count 27 Host: XYZ_SERVER
Count 14 Host: ABC_SERVER
Count 20 Host: FGH_SERVER
I may have to use aggregation and group the data by host so I know the count for a specific host:
How can I get the "count" and group by "host.name"?

I basically want to do something like this:
Select count(log.level=error) from Winlogbeat group by host

Hey @Ashish_Sikarwar, when you want to see aggregate information, you'll want to use a Visualization. If you'd like tabular output, the Data Table is the obvious candidate with a configuration like the following:

You are right @Brandon_Kobel, Visualization is the right candidate if I'd be using Kibana.
But I will be issuing a query to Elasticsearch from a custom application.
I could use an ES query and perform aggregation, which works:

log.level:error | agg:terms | field:fieldname size:10

Again thanks a lot for the reply!
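As an added example (not from the original thread), the Python below builds the query-DSL body that corresponds to the SQL in the question (filter on log.level, terms aggregation on host.name, last 6 hours) and reads the per-host counts back out of the response. The aggregation name `errors_by_host`, the index pattern `winlogbeat-*`, and the sample response are my own assumptions and constructed data.

```python
import json

# Constructed sample response (not real data), shaped like the body
# Elasticsearch returns for POST winlogbeat-*/_search with the query below.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 61, "relation": "eq"}, "hits": []},
    "aggregations": {
        "errors_by_host": {
            "doc_count_error_upper_bound": 0,
            # Non-zero here means more hosts existed than "size" buckets: raise size.
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "XYZ_SERVER", "doc_count": 27},
                {"key": "FGH_SERVER", "doc_count": 20},
                {"key": "ABC_SERVER", "doc_count": 14},
            ],
        }
    },
}


def build_query(level="error", group_field="host.name", hours=6, size=10):
    """Return a search body equivalent to
    SELECT count(*) WHERE log.level=<level> GROUP BY <group_field>.
    "size": 0 suppresses the hit list so only the aggregation comes back."""
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"term": {"log.level": level}},  # keyword field in Winlogbeat/ECS
                    {"range": {"@timestamp": {"gte": f"now-{hours}h"}}},
                ]
            }
        },
        "aggs": {
            "errors_by_host": {"terms": {"field": group_field, "size": size}}
        },
    }


def counts_by_host(response):
    """Turn the terms-aggregation buckets into (host, count) pairs.
    Elasticsearch orders terms buckets by doc_count descending by default."""
    buckets = response["aggregations"]["errors_by_host"]["buckets"]
    return [(b["key"], b["doc_count"]) for b in buckets]


if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))  # body to POST to winlogbeat-*/_search
    for host, count in counts_by_host(SAMPLE_RESPONSE):
        print(f"Count {count} Host: {host}")
```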

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.