Kibana Semaphore - no logs in 5min, 10min, 30min

How can I create any kind of visualization in Kibana that changes color according to the amount of logs over time? Let's say it should be green if there is any amount of logs within 5 minutes; if no log is present in 5 minutes, it should turn orange; if no logs are present in 30 minutes, then let it turn red.
I would prefer some kind of semaphore; however, it could be anything that can be saved to a dashboard.

Hi @Rnx

would something like this work?

The numbers there (0, 1, 2) are used to colour the tile correctly, but unfortunately have no metric value.
To build that I've created a Metric chart in Lens and defined the primary metric as follows with a Lens formula:

ifelse(count(reducedTimeRange='5m') > 0, 2, ifelse(count(reducedTimeRange='30m') > 0, 1, 0))

That reflects your logic, using 0, 1, 2 to encode the different output types: if the count in the last 5 minutes is greater than 0, then mark it as 2; otherwise, if the count in the last 30 minutes is greater than 0, mark it as 1; else 0.
Note I've set the label to an empty string to avoid too much clutter in the tiles.
Then I've configured a dynamic colouring logic as follows:

And at last a breakdown metric by IP:

Make sure to configure in the breakdown the number of columns to something more than 3.

You could potentially configure a secondary metric to show the last timestamp for the client ip if you want.

Hope it helps.

Hi, that helped a little; I forgot there is a formula in the "Metric" diagram. There could be a million log records as well as none, so I was looking for something like "least effort", meaning no data parsing or scripting. I found out there is a now() function and it is possible to compare it with @timestamp.
The outcome is the formula:
abs((now() - last_value(@timestamp) - 3600) / 1000)
where abs() can be omitted, 3600 is the time zone shift (dirty solution) and / 1000 removes milliseconds.
The result is a count of seconds, which can be freely marked or painted within the metric diagram.
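The staleness logic discussed in this thread (the 5-minute/30-minute colouring per client IP, and the seconds-since-last-log value), written out in Python as an added example that is not part of the original posts. The sample events, `classify`, and the `expected_sources` inventory are constructed for illustration; timestamps are compared as timezone-aware UTC values rather than with a fixed offset, and a source from the inventory that sent nothing at all is reported as red.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events: (client IP, ISO 8601 timestamp with UTC offset).
SAMPLE_EVENTS = [
    ("10.0.0.1", "2024-05-01T12:00:00+00:00"),
    ("10.0.0.1", "2024-05-01T12:58:30+00:00"),
    ("10.0.0.2", "2024-05-01T13:40:00+01:00"),  # same instant as 12:40:00 UTC
    ("10.0.0.3", "2024-05-01T11:00:00+00:00"),
    ("10.0.0.4", "2024-05-01T13:00:05+00:00"),  # sender clock slightly ahead
]

GREEN_WINDOW = timedelta(minutes=5)    # any log in the last 5 minutes
ORANGE_WINDOW = timedelta(minutes=30)  # any log in the last 30 minutes


def last_seen(events):
    """Return {source: latest event time}, normalised to UTC."""
    latest = {}
    for source, raw in events:
        ts = datetime.fromisoformat(raw)
        if ts.tzinfo is None:
            # A naive timestamp cannot be compared safely; reject it
            # instead of guessing an offset.
            raise ValueError(f"timestamp without UTC offset: {raw!r}")
        ts = ts.astimezone(timezone.utc)
        if source not in latest or ts > latest[source]:
            latest[source] = ts
    return latest


def classify(events, now, expected_sources=()):
    """Return {source: (seconds since last log or None, colour)}."""
    latest = last_seen(events)
    result = {}
    for source in sorted(set(latest) | set(expected_sources)):
        ts = latest.get(source)
        if ts is None:
            result[source] = (None, "red")  # in the inventory, never seen
            continue
        age = max(now - ts, timedelta(0))  # clamp small clock skew to zero
        if age <= GREEN_WINDOW:
            colour = "green"
        elif age <= ORANGE_WINDOW:
            colour = "orange"
        else:
            colour = "red"
        result[source] = (int(age.total_seconds()), colour)
    return result
```
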