Kibana timeseries with stacked bar graph

Hi.
I'm looking for help with getting a "particular" graph from Kibana.
I have an index in my elastic server filling with this kind of information:

{
  "_index": "register",
  "_type": "_doc",
  "_id": "6kRQ8XkBeDPVH1c7C_I2",
  "_version": 1,
  "_score": null,
  "_source": {
    "dominio": "my.domain.net",
    "User-Agent": "Release 6.2.2.0 stamp 104875",
    "type": "register",
    "AOR": "d2.527@my.domain.net",
    "@timestamp": "2021-06-09T15:06:55.400Z",
    "Expires": "265",
    "command": "/tmp/dump_users",
    "host": "myhost1",
    "@version": "1",
    "dispositivo": "d2",
    "anexo": "527",
    "State": "CS_SYNC"
  },
  "fields": {
    "@timestamp": [
      "2021-06-09T15:06:55.400Z"
    ]
  },
  "sort": [
    1623251215400
  ]
}

I receive one of these events per "anexo" registered in a SIP server. I make a call every 5 minutes to a custom shell program in the server to get the REGISTERED phones in a PBX. Every registered phone gets an event like the one above. One "phone" can have two or more registers/events within a shell call.
So, for example, I can have for phone (annex) 527 two registered events:

{
  "_index": "register",
  "_type": "_doc",
  "_id": "6kRQ8XkBeDPVH1c7C_I2",
  "_version": 1,
  "_score": null,
  "_source": {
    "dominio": "my.domain.net",
    "User-Agent": "Release 6.2.2.0 stamp 104875",
    "type": "register",
    "AOR": "d2.527@my.domain.net",
    "@timestamp": "2021-06-09T15:06:55.400Z",
    "Expires": "129",
    "command": "/tmp/dump_users",
    "host": "myhost1",
    "@version": "1",
    "dispositivo": "d2",
    "anexo": "527",
    "State": "CS_SYNC"
  },
  "fields": {
    "@timestamp": [
      "2021-06-09T15:06:55.400Z"
    ]
  },
  "sort": [
    1623251215400
  ]
}

{
  "_index": "register",
  "_type": "_doc",
  "_id": "6kRQ8XkBeDPVH1c7C_I2",
  "_version": 1,
  "_score": null,
  "_source": {
    "dominio": "my.domain.net",
    "User-Agent": "Release 6.2.2.0 stamp 104875",
    "type": "register",
    "AOR": "d1.527@my.domain.net",
    "@timestamp": "2021-06-09T15:06:55.400Z",
    "Expires": "265",
    "command": "/tmp/dump_users",
    "host": "myhost1",
    "@version": "1",
    "dispositivo": "d1",
    "anexo": "527",
    "State": "CS_SYNC"
  },
  "fields": {
    "@timestamp": [
      "2021-06-09T15:06:55.400Z"
    ]
  },
  "sort": [
    1623251215400
  ]
}

I need to show in a Timeseries visualization how many "phones" (anexo) have two registers, and how many phones have one register, maybe in a stacked bar timeseries.
So far I wasn't able to create a graph with this kind of aggregation. I was only able to show how many registered phones I have in total.
Is there a way to achieve this?

Thanks!

I don't see this doable anywhere else than in Canvas with ESSQL. Canvas | Kibana Guide [master] | Elastic

Could this be possible with VEGA maybe?
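The two-stage aggregation the question asks for, as an added example that is not code from any poster in this thread: first count registers per anexo inside each time bucket, then count how many anexos have one register and how many have two or more. It runs client-side over constructed sample events; the function names are hypothetical, and it assumes a "register" means a distinct AOR for the same anexo, as in the two sample events for 527.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample events, reduced to the fields the question uses.
EVENTS = [
    {"@timestamp": "2021-06-09T15:06:55.400Z", "anexo": "527", "AOR": "d2.527@my.domain.net"},
    {"@timestamp": "2021-06-09T15:06:55.400Z", "anexo": "527", "AOR": "d1.527@my.domain.net"},
    {"@timestamp": "2021-06-09T15:06:55.400Z", "anexo": "530", "AOR": "d1.530@my.domain.net"},
    {"@timestamp": "2021-06-09T15:11:55.100Z", "anexo": "527", "AOR": "d2.527@my.domain.net"},
    {"@timestamp": "2021-06-09T15:11:55.100Z", "anexo": "530", "AOR": "d1.530@my.domain.net"},
    {"@timestamp": "2021-06-09T15:11:55.100Z", "anexo": "531", "AOR": "d1.531@my.domain.net"},
]

INTERVAL = 300  # seconds; matches the 5-minute polling described in the question


def bucket_start(ts: str, interval: int = INTERVAL) -> str:
    """Floor an ISO-8601 UTC timestamp to the start of its interval."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    epoch = int(dt.timestamp())
    floored = epoch - epoch % interval
    return datetime.fromtimestamp(floored, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def registrations_histogram(events, interval: int = INTERVAL):
    """Return {bucket: {"one": n, "two_or_more": m}} counting anexos, not events."""
    # Stage 1: distinct AORs per (time bucket, anexo), so a repeated event
    # for the same AOR is not counted twice.
    aors = defaultdict(set)
    for ev in events:
        key = (bucket_start(ev["@timestamp"], interval), ev["anexo"])
        aors[key].add(ev["AOR"])
    # Stage 2: per bucket, count how many anexos fall in each class.
    out = defaultdict(Counter)
    for (bucket, _anexo), seen in aors.items():
        out[bucket]["one" if len(seen) == 1 else "two_or_more"] += 1
    return {b: {"one": c["one"], "two_or_more": c["two_or_more"]}
            for b, c in sorted(out.items())}


if __name__ == "__main__":
    for bucket, series in registrations_histogram(EVENTS).items():
        print(bucket, series)
```

Each returned bucket holds the two values a stacked bar would plot for that interval.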
