I have been battling with this issue for few days now and I would like to get some opinions on the best approach to this problem. I am using metricbeat with http module to fetch a list of Health and Status from an app.
The response from jolokia http request:
"healthId": "Broker Backup Status",
"message": "Broker Backup running."
"healthId": "Replica Sync Status",
"message": "There is a problem."
"healthId": "App Status",
"message": "App is running but there are issues."
value list in the response, is a list and each element in the list represents a Health and Status. We want to display a kibana gauge for each element in the list.
When I attempt this, I get a gauge for each Health and Status but the metric displayed is an aggregation for all of them. I have set the type of index to
nested but that did not help with visualization since I believe that it is not supported.
What is our best option here ? Is there a way to pre-process the data before it is sent to elastic and break each element in the list to a separate document ?
Any help is appreciated. I am very surprised that we can't accomplish such a simple task with the ELK stack because we plan to leverage it for all of our platform.
Currently splitting up the document into multiple documents is indeed the best approach to visualize the
values separately. You can do this with the "L" of ELK - Logstash: https://www.elastic.co/guide/en/logstash/current/plugins-filters-split.html
Thank you for the quick response, Joe.
It looks like that might just work, I am looking further into it. Although, I am still a bit unclear on how I would represent this series of index on Kibana. Do I need to use a filter and create a single gauge/visualization for each event ?
It depends on what exactly you want to visualize - for example you could use a terms aggregation splitting the gauges by the message or by the level. Visualizations in Kibana always work on aggregations, not in individual documents. You could also index the auto-generated _id field if you want to work with individual documents, not aggregations of many documents.
I changed from metricbeat to logstash with split filter and it worked seamlessly. Thank you!
I was able to display healthPercent and healthId in the label. Although, I would also like to display the message, is there a way to do that with the gauge or am I limited to displayed those two variables only ?
With gauges you are indeed limited to the term of the field you split by and the value of the gauge. If that serves your use case you could use the "Metric" visualization. You can use the "Top Hit" aggregation as a second metric to show the message.
Another option would be to use two visualizations (gauge for the value and metric for "Top Hit" of message), then put them next to each other on a dashboard.
I believe using the "Metric" visualization is a better option in this but I cant seem to accomplish what you mentioned above.
My first metric is a "Top Hit" since I want to get the last value of the index. When I add a second metric as a "Top Hit" I cant seem to get them combine with the first metric, if that is the goal.
No, in that scenario they would be displayed as separate metrics. Unfortunately it’s not possible to control the styling to such a degree. If you are running the default distribution of Kibana, maybe Canvas is an option - it allows very fine-grained styling options.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.