Kibana Add New Metric

beyond · May 2, 2018, 2:48pm

Hello,
I m a newbie just started to use ELK,i have a log with the SQL excution time, i would like to create new visualization which will hv Y axe Excution time X axe timeline, unfortunetly kibana gives me just some predefined metric count max min .....in the Y axe, is there a way i can add my field as metric?

Thank you so much

atira · May 2, 2018, 2:59pm

I think you what want is the average execution time. This is quite easy to get with Kibana, if you have your data properly indexed in Elasticsearch.
How does your data looks like in Elasticsearch?

beyond · May 2, 2018, 3:39pm

Thank u for your answer , when i click average then when try select my field can't find it, below is the mapping Execution_time

{
"logstash-sniffer" : {
"mappings" : {
"default" : {
"dynamic_templates" : [
{
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"norms" : false,
"type" : "text"
}
}
},
{
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
},
"norms" : false,
"type" : "text"
}
}
}
],
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "keyword"
},
"geoip" : {
"dynamic" : "true",
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
}
}
}
}
},
"doc" : {
"dynamic_templates" : [
{
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"norms" : false,
"type" : "text"
}
}
},
{
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
},
"norms" : false,
"type" : "text"
}
}
}
],
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "keyword"
},
"Execution_time" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"IP" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"TIME" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"WORD" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"geoip" : {
"dynamic" : "true",
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
}
}
},
"host" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"message" : {
"type" : "text",
"norms" : false
},
"path" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"tags" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"test" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}
}
}
}

atira · May 2, 2018, 3:48pm

As I expected, execution time is stored as text.
While to you the data stored might look like numbers, but for Elasticsearch (and so for Kibana too) they are text. And you can't do calculations on text, only on numbers.

You need to store the field Execution_time as number.

beyond · May 2, 2018, 4:03pm

Thank u soo much it musts be that, i know it is beyond this thread, can u plz help me how to change it whether from logstash itself or elasticsearch?

atira · May 2, 2018, 4:22pm

Well, I've been actively analyzing ES only for one month. For my use case (custom apache web server logs) I've found explicit mapping to be useful, gives me more control, accuracy. It's also more work.
You are currently using dynamic mappings.

What I did is create an index template* and define mapping in the template.

*I'm having Logstash send data into indicies based on the event's month

I'd recommend reading about it.

Index templates
Index mapping
Dynamic mapping - this I haven't been studying yet

Note that you'll have to reindex your already indexed data if you define new mappings.

beyond · May 2, 2018, 4:32pm

Thank u i just added mutate in logstash and it works

mutate {
convert => {
"Execution_time" => "float"
}

system · May 30, 2018, 4:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana AVG last hour Kibana	4	818	March 16, 2018
New to Kibana, not sure how to create a horizontal bar chart Kibana	2	1606	December 18, 2017
How can i add a field to visualize a specific value and to calculate with it? Kibana	5	446	April 5, 2018
Can we fetch date field in metric in kibana visualization. ? I tried but i failed, is there any alternative? Kibana	6	1882	July 6, 2017
Metrics filter out to Elasticsearch Logstash	4	881	July 6, 2017

Kibana Add New Metric

Related topics