Hello all,
I am using ELK in version 7.17.2 and I need some help.
I have 1 GeoJSON document with the location of my switches (around 80 switches).
And I have some indices (logstash-DD-MM-YYYY) about these switches.
In my indices logstash* and the GeoJSON document I have a field "Switch=XXX".
I have created a map with the GeoJSON document.
And now I would like to have an interactive map, so when in my indices logstash* I have an error, the switch in the map is red or something like that.
Is it possible to link these 2 elements?
I have tried to create an index pattern "logst*" with logstash* elements and GeoJSON elements but it's not working.
Thanks for your help.
You can use term joins to visualize your switches by logst* with errors.
To do this:
- In your map, click "Add layer"
- Select "Choropleth" card
- Under "Boundaries source"
  - Select "Points, lines, and polygons from Elasticsearch"
  - Select your switches index pattern
  - Set "join field" to the field containing the switch id
- Under "Statistics source"
  - Select "logst*" index pattern
  - Set "join field" to the field containing the switch id
- Click "Add layer"
- In the layer editor "Term joins" panel, click the where clause to add a filter to "logst*" to filter for errors
- In the layer editor "Layer style" panel, under "Fill color", select "Custom color ramp". Add a row to show red when the count is equal to one or more.
Thanks a lot!
It's exactly that!
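The term join described in the answer, sketched offline as an added example that is not part of the original thread and is not Kibana's own code: filtered log documents are counted per switch id, each count is attached to the feature with exactly the same id, and join keys that match no feature are listed, since errors logged under a misspelled or differently cased id can never turn a switch red. Only the field name "Switch" comes from the thread; the switch ids, the "level" field and the "default" color name are assumptions, and how Kibana draws a switch with no matching documents is not modelled.

```python
from collections import Counter

# Constructed sample data. Only the field name "Switch" comes from the thread;
# the switch ids and the "level" field are assumptions made for this example.
FEATURES = [
    {"type": "Feature", "properties": {"Switch": "SW-01"},
     "geometry": {"type": "Point", "coordinates": [2.35, 48.85]}},
    {"type": "Feature", "properties": {"Switch": "SW-02"},
     "geometry": {"type": "Point", "coordinates": [4.83, 45.76]}},
    {"type": "Feature", "properties": {"Switch": "SW-03"},
     "geometry": {"type": "Point", "coordinates": [5.37, 43.30]}},
]
LOG_DOCS = [
    {"Switch": "SW-01", "level": "error"},
    {"Switch": "SW-01", "level": "error"},
    {"Switch": "SW-01", "level": "info"},
    {"Switch": "SW-02", "level": "info"},
    {"Switch": "sw-03", "level": "error"},  # case differs from the feature's id
]

def is_error(doc):
    """Stand-in for the where clause added in the "Term joins" panel."""
    return doc.get("level") == "error"

def error_counts(docs, join_field="Switch"):
    """Statistics source: filter the log docs, then count them per join key."""
    return Counter(d[join_field] for d in docs if join_field in d and is_error(d))

def fill_color(count):
    """Custom color ramp from the answer: red when the count is one or more."""
    return "red" if count >= 1 else "default"

def join_layer(features, docs, join_field="Switch"):
    """Attach each switch's error count and color; report keys that matched no switch."""
    counts = error_counts(docs, join_field)
    styled = {}
    for feature in features:
        key = feature["properties"][join_field]
        n = counts.get(key, 0)  # exact string match on the join key
        styled[key] = {"errors": n, "color": fill_color(n)}
    orphans = sorted(set(counts) - set(styled))  # errors that can never color a switch
    return styled, orphans

if __name__ == "__main__":
    styled, orphans = join_layer(FEATURES, LOG_DOCS)
    for switch, style in styled.items():
        print(switch, style)
    print("join keys with no matching switch:", orphans)
```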