List the active users using login and logged out events

Mark_Harwood · August 11, 2017, 9:16am

I can think of several:

Aggs solution - terms agg to group by session ID and sub aggs to gather related login/out events
Stream solution - use scroll api sorted on session ID
Active users index - create doc with session ID on login, delete on logout
Entity-centric index to track active sessions, durations and more.

Solution 1 is not scalable with large numbers of users and is needlessly bogged-down with historical inactive sessions.
Solution 2 is scalable but slow and requires custom querying code
Solution 3 requires custom indexing code but is easy to query
Solution 4 requires custom scripts (examples available) but offers greater potential insights into sessions.

Topic		Replies	Views
How to visualize user login Kibana	4	736	August 28, 2023
Comparing multiple timestamp fields Elasticsearch	7	1268	July 5, 2017
Need help with aggregation and unique counted values Elasticsearch	2	565	July 6, 2017
How to list users that uses Elasticsearch/Kibana? Elasticsearch	2	345	October 6, 2022
Query to calculate login success and failure rates Elasticsearch	2	1153	May 24, 2021

List the active users using login and logged out events

Related Topics