Link Between indices (Geojson + data)

Chloe_Boissavy · November 2, 2022, 10:08am

Hello all,

I am using ELK in version 7.17.2 and I need some help.
I have 1 Geojson document with the location of my switches (around 80 switches).
And I have some indices (logstash-DD-MM-YYYY) about these switches.
In my indices logstash* and the Geojson document I have a field "Switch=XXX"
I have created a map with the geojson document.
And now I would like to have an interactive map, so when in my indices logstash* I have an error, the switch in the map is red or something like that.
Is it possible to link these 2 elements ?
I have tried to create an index patterns "logst*" with logstash* elements and geojson elements but it's not working.

Thanks for your help

Nathan_Reese · November 2, 2022, 3:22pm

You can use term joins to visualize your switches by logst* with errors.

To do this:

In your map, click "Add layer"
select "Choropleth" card
Under " Boundaries source"
- select "Points, lines, and polygons from Elasticsearch"
- select your switches index pattern
- Set "join field" to the field containing the switch id
Under "Statistics source"
- select "logst*" index pattern
- Set "join field" to the field containing the switch id
Click "Add layer"
In the layer editor "Term joins" panel, click the where clause to add a filter to "logst*" to filter for errors
In the layer editor "Layer style" panel, under "Fill color", select "Custom color ramp". Add a row to show red when the count is equal to one or more.

Chloe_Boissavy · November 4, 2022, 8:54am

Thanks a lot !
It's exactly that !

system · December 2, 2022, 8:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.