Discuss the Elastic Stack

Multiple lines for count of different values in one field

Elastic Stack Kibana

What September 15, 2018, 12:14pm 1

I have read in my Apache logfiles into Elasticsearch. They contain a field "server_name" which specifies the domain name of the site that was visited. Possible values are "domain-1.com", "domain-2.com", etc. (eight domains in all).

Here is an (anonymized) example line from the original logfiles, which specifies the site as "domain-1.com":

207.87.175.xxx - - [15/Sep/2018:00:04:49 +0800] "GET /index.html HTTP/1.1" 200 13252 www.domain-1.com "-" "Mozilla/5.0 (...)" "-"

I would like to create a graph with days on the x-axis and the number of entries for each day on the y-axis, with one line for each of my eight domains. Like this:

I've seen some tutorials on the web, this site among them, which make use of a Split Line graph that I cannot find in my version of Kibana (6.4.0).

How can I create such a graph?

I'm using Elastic Stack 6.4.0

lukas (Lukas Olson) September 19, 2018, 4:40pm 2

You should be able to create a line graph, then for "Buckets", you'll want to "Split Series", select "Terms" as the aggregation, and choose "server_name" as the field, then "add sub-buckets", "X-axis", and choose "Date histogram".

system (system) Closed October 17, 2018, 4:40pm 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.