How to visualize JSON array in Kibana

obaid · August 20, 2018, 11:19pm

Context:
I have my application logs on ELK, where JSON API response looks like:

Response 1: 

    {
      "rules" : [
        {"name" : "R1", "value" : "Y"},
        {"name" : "R2", "value" : "Y"},
        {"name" : "R3", "value" : "Y"}
        ]
    }

Response 2: 

    {
      "rules" : [
        {"name" : "R1", "value" : "N"},
        {"name" : "R2", "value" : "Y"},
        {"name" : "R3", "value" : "N"}
      ]
   }

My API is actually running rules, and it return response of each rule in the form of Y (rule passed) and N (rule failed). For example, above Response 1 shows R1 R2 and R3 all passed, where in Response 2 R1 and R3 failed.

Question
How do I plot the count of each rule with value 'Y' ?
Scripted Fields dont work since they return just one value, however here we have multiple Rule names?

Thanks
Obaid

lukas · August 21, 2018, 9:12pm

Whenever you use objects inside of arrays, it doesn't really play well with Kibana. You'll have a lot more luck if you create a separate rules index, and index each of the objects inside rules separately. Then you'd easily be able to create a visualization like you've mentioned.

system · September 18, 2018, 9:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.