Most recent event for devices

Elastic Stack Kibana
1

Hi,

I have a fleet of IoT devices that post every couple of minutes their status which could be online or offline. My goal is to have a metric that will show a count of all devices that are currently online, and a count for those that are offline. I want it to be dynamic so that if a device comes online it will drop out of the offline metric and go into the online metric.

My document looks like this:

{
"state": {
	"reported": {
		"wifistatus": "online",
		"uuid": "1234-1234-1234-0000"
	}
},
"shadow": {
	"state": {
		"reported": {
			"wifistatus": "online",
			"uuid": "1234-1234-1234-0000",
		}
	},
	"metadata": {
		"reported": {
			"wifistatus": {
				"timestamp": 1518205770
			},
			"uuid": {
				"timestamp": 1518205770
			}
		}
	},
	"version": 231,
	"timestamp": 1518205770
}

}

I am using the field "state.reported.wifistatus" to filter devices that are online.

I have been trying to use shadow.timestamp to find the most recent event. (since there could be hundreds of events for a device I need to find only the last event I received)

A problem I am running into is when a device has been offline for more than a year. I can't use a now-1m type of filter. Is there anyway to do this in kibana, if not is there a query in elasticsearch that will help me get this data?

2

Hey @twojays which version of Kibana are you using? You need the bucket script aggregation in Elasticsearch for this, and the only visualization in Kibana that currently supports this is the Time Series Visual Builder which is available starting in Kibana 5.4

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.