Hello - I have been hunting around, and I think I cannot actually do what it is I want to do, but am wanting to confirm my suspicions.
The plan is to read the data from a log, to see the progress of users downloading files. There are a number of statuses that the clients can go through: RECEIVED, PROCESSED, ERROR or COMPLETE. What I would like, is a metric showing the count of clients in each state (really only COMPLETE or ERROR). To do this, I will need to use the TOP HITS metric to get the current state of a client and then count the records returned. However, as statuses are a keyword, I loose the ability to count.
Is there a way to actually do this?
Some sample data would be
{ "create": {} }
{"@timestamp": "2021-06-09T16:21:15.000Z","filename":"Accessory.json.gz","name" : "harold","status" : "RECEIVED"}
{ "create": {} }
{"@timestamp": "2021-06-09T16:21:16.000Z","filename":"Accessory.json.gz","name" : "harold","status" : "ERROR"}
{ "create": { } }
{ "@timestamp": "2021-06-09T17:21:15.000Z","filename":"Accessory.json.gz","name" : "bob","status" : "RECEIVED"}
{ "create": { } }
{ "@timestamp": "2021-06-09T17:21:15.000Z","filename":"Accessory.json.gz","name" : "bob","status" : "PROCESSED"}
{ "create": { } }
{ "@timestamp": "2021-06-09T17:21:16.000Z","filename":"Accessory.json.gz","name" : "bob","status" : "COMPLETE"}
{ "create": { } }
{ "@timestamp": "2021-06-09T18:21:15.000Z","filename":"Accessory.json.gz","name" : "richard","status" : "RECEIVED"}
{ "create": { } }
{ "@timestamp": "2021-06-09T18:21:16.000Z","filename":"Accessory.json.gz","name" : "richard","status" : "PROCESSED"}
{ "create": { } }
{ "@timestamp": "2021-06-09T18:21:17.000Z","filename":"Accessory.json.gz","name" : "richard","status" : "COMPLETE"}
I can show the the current client status in a datatable, but displaying in a metric is easy to read and understand at a glance.