How to visualise this data on a single stacked histogram?

Elastic Stack Kibana
#1

Hi Kibana-peeps,

Can anyone provide some advice on how to create a single, stacked histogram based on the following data. At the moment everything I'm trying results in split charts which I'd like to avoid.

My data is time-based events which record when an application starts or stops. I have a number of different applications in my environment.

Records in ES will be created with these fields:

  • eventTimestamp: the datetime the application started or stopped
  • context: will be one of either "APPLICATION STARTED" or "APPLICATION STOPPED"
  • appName: the name of the application
  • hostname: the host on which the application was running

Ideally I was hoping to create a grouped date histogram where the data was grouped by appName but the individual bars were stacked to distinguish 'APPLICATION STARTED' events from 'APPLICATION STOPPED' events.

The grouped date histogram bit is fine, but my only option for the next bit appears to be to add a new x-axis sub-bucket of type split-chart, and add two filters on the 'context' field.

Can anyone offer any advice on whether its possible to do this without needing the 'split chart'?

Cheers,
Steve

#2

I don't believe this is possible now, but will be possible once this feature is complete: https://github.com/elastic/kibana/pull/10070

@ppisljar can you confirm?

#3

so just to confirm i understand correctly :slight_smile:
you want a chart where on x axis you have date histogram
on y axis you want stacked bars, 2 for each appName (started and stopped) ?

#4

Hi Peter,

That's correct. Basically I've got a number of applications in production which could be stopped/started at any time of day, and I want to be able to report on/visualise when this has happened.
Stacking the stop/start events for an individual application was an idea I had in an attempt to 'declutter' the chart, as when I have lots of applications the chart gets a bit busy otherwise.

Stacey - thanks for your input too.

Best regards,
Steve

#5

i think (hope) this will be possible once we add pipeline bucket aggs https://github.com/elastic/kibana/pull/10070

#6

Hi Peter,

Thanks for the update. I'll keep an eye out for this feature.

Cheers,
Steve

#7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.