I'm using a data table in Kibana4 and am trying to achieve the following:
We are using logstash to retrieve events and I have one field in elasticsearch that marks an event as a transaction starting, success or failure. I already split my table by timestamp, and split my rows by application, but I can't seem to figure out how to get 3 metrics on one row that filter on that field. Is that possible using the JSON Input or another way?
@timestamp for day 1
AppName  TransactionCount  SuccessCount  FailCount
app1     1000              995           5
app2     2000              1900          100
app3     123               123           0

@timestamp for day 2
AppName  TransactionCount  SuccessCount  FailCount
app1     1000              995           5
app2     2000              1900          100
app3     123               123           0
We want to be able to have one row per service with a column that shows the count of messages received, processed, or not processed due to error. The msg_status field holds the value of "received, processed or error" and that is what we are trying to count.
This is what we currently have - as you can see it creates a separate line per msg_status (note that there were no errors in this time frame but I don't have good data at this time).
Hi - Sorry about the delay in the response. This is an interesting use case. I don't think there is a way to do this out of the box with Kibana today. That's not to say that we couldn't....
I know this is quite old, and we've all grown up and had kids now, but I posted a solution last December that might be applicable here (WARNING: it might not perform well on very large sets of data).
Basically you create a new scripted field for each of your "statuses" and set them to 1 if they match the name of that status. See;
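Added example, not part of the thread or of Kibana: outside the data table, the one-row-per-application layout asked for above can be produced directly in Elasticsearch with a `filters` sub-aggregation and a small pivot. The application field name `app_name.keyword`, the aggregation names and the sample response are assumptions constructed for illustration; `msg_status` and its three values come from the thread.

```python
# Added example; "app_name.keyword" is an assumed field name, msg_status is from the thread.
STATUSES = ("received", "processed", "error")  # msg_status values named in the thread


def build_request(app_field="app_name.keyword", status_field="msg_status"):
    """Aggregation body: day -> application -> one named filter per status."""
    per_status = {s: {"term": {status_field: s}} for s in STATUSES}
    return {
        "size": 0,  # aggregations only, no hits
        "aggs": {"per_day": {
            # Elasticsearch 7+ spelling; older releases use "interval"
            "date_histogram": {"field": "@timestamp", "calendar_interval": "day"},
            "aggs": {"per_app": {
                "terms": {"field": app_field, "size": 100},
                "aggs": {"by_status": {"filters": {"filters": per_status}}},
            }},
        }},
    }


def pivot(response):
    """Flatten nested buckets into (day, app, received, processed, error) rows."""
    rows = []
    for day in response["aggregations"]["per_day"]["buckets"]:
        for app in day["per_app"]["buckets"]:
            counts = app["by_status"]["buckets"]
            rows.append((day["key_as_string"][:10], app["key"],
                         *(counts.get(s, {}).get("doc_count", 0) for s in STATUSES)))
    return rows


def _app(name, received, processed, error):
    """Build one constructed per-application bucket."""
    return {"key": name, "doc_count": received + processed + error,
            "by_status": {"buckets": {"received": {"doc_count": received},
                                      "processed": {"doc_count": processed},
                                      "error": {"doc_count": error}}}}


# Constructed response in the shape Elasticsearch returns for build_request().
SAMPLE_RESPONSE = {"aggregations": {"per_day": {"buckets": [
    {"key_as_string": "2015-06-01T00:00:00.000Z", "key": 1433116800000,
     "doc_count": 6000,
     "per_app": {"buckets": [_app("app1", 1000, 995, 5),
                             _app("app2", 2000, 1900, 100)]}},
]}}}

if __name__ == "__main__":
    for row in pivot(SAMPLE_RESPONSE):
        print(*row, sep="\t")
```

Missing status buckets are reported as 0, so an application with no errors in the time frame still gets a single row.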