How to use Kibana to aggregate (count) based on different user scenarios


#1

Hi Team,

I have collected some user behavior data in Elasticsearch about what end users did on the Web UI. I have hundreds of events in ES, and below are the events' fields.

  • userId (which is the login user)
  • actionType (which represents the action the end user did on the UI, for example, search, saved search, export search result, etc.)
  • timestamp (which means when the UI action happened)
  • module (means in which module he did the action)
  • page (means on which page of the Web UI he did the action)

For example, I have the sample events below:

```
time stamp,userId,module,page,actionType
14:01:01,user1,scm,ts,open
14:01:01,user2,scm,ts,open
14:01:02, user1,scm,search
14:01:03, user1,scm,save
14:01:02, user2,scm,export
14:01:06, user1,scm,open
14:01:06,user1,scm,export
```

There are two user scenarios based on the above events:

  • user1 - open-search-save
  • user1 - open-export
  • user2 - open-export

Now the visualization in Kibana I want to see is:

| user scenario | count |
|---|---|
| open-search-save | 1 |
| open-export | 2 |

How can Kibana achieve this? Two questions here:

  1. How to write the script fields to chain the values of actionType in different events for a user
  2. Can Kibana aggregate based on the script fields?

(Marius Dragomir) #2

A scripted field only works in the context of a single document, not on multiple documents. Also, ES isn't the best database to use for a query like this. You can show all the events of user 1, sorted by a timestamp, by using filters and the Discovery page, but that's about it.
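
The per-user chaining that a single-document scripted field cannot do can be computed outside Elasticsearch. The following is an added example, not part of the original thread: the event tuples are constructed from the sample in post #1 (module and page columns dropped), and the rule that each `open` starts a new scenario is an assumption inferred from the scenarios listed there.

```python
from collections import Counter, defaultdict

# Constructed from the sample events in post #1.
# Tuples are (timestamp, userId, actionType), in arrival order.
EVENTS = [
    ("14:01:01", "user1", "open"),
    ("14:01:01", "user2", "open"),
    ("14:01:02", "user1", "search"),
    ("14:01:03", "user1", "save"),
    ("14:01:02", "user2", "export"),
    ("14:01:06", "user1", "open"),
    ("14:01:06", "user1", "export"),
]


def scenario_counts(events, start_action="open"):
    """Count per-user action chains; a new chain starts at each start_action
    (assumption: every scenario begins with 'open')."""
    per_user = defaultdict(list)
    # sorted() is stable, so events sharing a one-second timestamp
    # (user1's open/export at 14:01:06) keep their arrival order.
    for _ts, user, action in sorted(events, key=lambda e: e[0]):
        per_user[user].append(action)

    counts = Counter()
    for actions in per_user.values():
        chain = []
        for action in actions:
            # Close the current chain when the next scenario starts.
            if action == start_action and chain:
                counts["-".join(chain)] += 1
                chain = []
            chain.append(action)
        if chain:  # flush the last chain for this user
            counts["-".join(chain)] += 1
    return counts


if __name__ == "__main__":
    for scenario, n in scenario_counts(EVENTS).most_common():
        print(scenario, n)
```

If each resulting chain is indexed back as its own document with the scenario string in a keyword field, an ordinary terms aggregation can then count scenarios.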


#3

Hi Marius,
“ You can show all the events of user 1, sorted by a timestamp, by using filters and the Discovery page, but that's about it.”

Can the process be visualized by Kibana?

  1. For showing events based on user, select userId as the term to group by, right? Then the value of the Y-axis is the count of the aggregation. Actually, I don't want it to do an aggregation here, as it's not my expected visualization chart.

  2. I am thinking my requirement should not be unique, and other ELK stack users might have the same problem? How do other users visualize such user scenario cases if scripted fields can't achieve it? Can you please share?