Can anyone provide some advice on how to create a single, stacked histogram based on the following data. At the moment everything I'm trying results in split charts which I'd like to avoid.
My data is time-based events which record when an application starts or stops. I have a number of different applications in my environment.
Records in ES will be created with these fields:
eventTimestamp: the datetime the application started or stopped
context: will be one of either "APPLICATION STARTED" or "APPLICATION STOPPED"
appName: the name of the application
hostname: the host on which the application was running
Ideally I was hoping to create a grouped date histogram where the data was grouped by appName but the individual bars were stacked to distinguish 'APPLICATION STARTED' events from 'APPLICATION STOPPED' events.
The grouped date histogram bit is fine, but my only option for the next bit appears to be to add a new x-axis sub-bucket of type split-chart, and add two filters on the 'context' field.
Can anyone offer any advice on whether its possible to do this without needing the 'split chart'?
so just to confirm i understand correctly
you want a chart where on x axis you have date histogram
on y axis you want stacked bars, 2 for each appName (started and stopped) ?
That's correct. Basically I've got a number of applications in production which could be stopped/started at any time of day, and I want to be able to report on/visualise when this has happened.
Stacking the stop/start events for an individual application was an idea I had in an attempt to 'declutter' the chart, as when I have lots of applications the chart gets a bit busy otherwise.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
