Kibana user count based on start and end date

hi all ,
i want to create visual which show number of user login based on start or end time in say 30 minute bucket

for example if one user login 10 and logout 10.30
so graph whould show

10-10.30 1
10.30 - 10.45 0
something like this ..

this is my sample data .

dilip,1,2017/09/17 10:00:00,2017/09/17 12:22:00
d2,2,2017/09/17 10:00:00,2017/09/17 11:22:00
d3,3,2017/09/17 10:15:00,2017/09/17 11:22:00
d31,4,2017/09/17 10:20:00,2017/09/17 12:00:00
d4,5,2017/09/17 10:12:00,2017/09/17 10:40:00
d5,6,2017/09/17 11:00:00,2017/09/17 11:32:00
d6,7,2017/09/17 12:25:00,2017/09/17 13:22:00
d7,8,2017/09/17 12:20:00,2017/09/17 13:22:00
d8,9,2017/09/17 13:00:00,2017/09/17 13:22:00
d9,10,2017/09/17 14:00:00,2017/09/17 14:22:00
d10,11,2017/09/17 13:00:00,2017/09/17 13:22:00
d11,12,2017/09/17 13:00:00,2017/09/17 13:22:00
d12,13,2017/09/17 11:00:00,2017/09/17 12:22:00
d13,14,2017/09/17 12:00:00,2017/09/17 13:22:00
d14,15,2017/09/17 15:00:00,2017/09/17 16:22:00
d15,16,2017/09/17 17:00:00,2017/09/17 18:22:00
d16,17,2017/09/17 18:00:00,2017/09/17 19:22:00

any help or suggestion

thanks .

A first step would be to get this data into elasticsearch. We'll need to convert the csv lines to structured json, using something like the ingest node feature elasticsearch or logstash csv input

At a high level after the data is ingested, kibana can use a date histogram aggregation to show you auth attempts at a 30 min interval.

data is already in ES

Can you share how your field ended up looking in elasticsearch?

Date histogram on the timestamp field and a count aggregation should be pretty close to what you're looking for.

I remember a quite old thread that I think did something quite similar. Have a look at this and see if it matches what you are looking for. I have no idea if/how this would potentially still work.

thanks, i did by using timelion script .

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.