Hi Folks ,
Can you please help me to make Kibana dashboard . I have got below Splunk Query from which i need to make Kibana Dashboard. We are migrating from Splunk to ELK.
How to create deviation and and use in where clause ?
index=digital sourcetype=channel-services EntryExitLog country=US earliest=-65m latest=-5m AND NOT (ChannelErrorCode=C1131 OR ChannelErrorCode=C5241 OR ChannelErrorCode=C5242 OR ChannelErrorCode=C6006 OR ChannelErrorCode=C6017 OR ChannelErrorCode=C3579 OR ChannelErrorCode=C1999 OR ChannelErrorCode=C1052 OR ChannelErrorCode=C1266 OR ChannelErrorCode=C1462 OR ChannelErrorCode=C1620 OR ChannelErrorCode=C1974 OR ChannelErrorCode=C7799 OR ChannelErrorCode=C6007 OR ChannelErrorCode=C1787 OR ChannelErrorCode=C1068 OR ChannelErrorCode=C1121 OR ChannelErrorCode=C1124 OR ChannelErrorCode=C1775 OR ChannelErrorCode=C2012 OR ChannelErrorCode=C5000 OR ChannelErrorCode=C6518 OR ChannelErrorCode=C8021 OR ChannelErrorCode=C8112)| stats dc(ChannelSessionId) as CWC by ChannelErrorCode
|join type=outer ChannelErrorCode [ search index=digital
| eval deviation=round(((CWC-LFC)*100/LFC),0)
| where (LFC=0 AND CWC>7) OR (LFC<6 AND deviation>500) OR (LFC>5 AND LFC<15 AND deviation>300) OR (LFC>=15 AND LFC<30 AND deviation>200) OR (LFC>=30 AND LFC<50 AND deviation>100) OR (LFC>=50 AND LFC<100 AND deviation>50) OR (LFC>=100 AND deviation>20)
Attached Splunk dashboard which i need to make in Kibana .
Thanks
Sajal