Multiple lines for count of different values in one field

I have read in my Apache logfiles into Elasticsearch. They contain a field "server_name" which specifies the domain name of the site that was visited. Possible values are "domain-1.com", "domain-2.com", etc. (eight domains in all).

Here is an (anonymized) example line from the original logfiles, which specifies the site as "domain-1.com":

207.87.175.xxx - - [15/Sep/2018:00:04:49 +0800] "GET /index.html HTTP/1.1" 200 13252 www.domain-1.com "-" "Mozilla/5.0 (...)" "-"

I would like to create a graph with days on the x-axis and the number of entries for each day on the y-axis, with one line for each of my eight domains. Like this:

kibana.png700×500 40.2 KB

I've seen some tutorials on the web, this site among them, which make use of a Split Line graph that I cannot find in my version of Kibana (6.4.0).

How can I create such a graph?

I'm using Elastic Stack 6.4.0

You should be able to create a line graph, then for "Buckets", you'll want to "Split Series", select "Terms" as the aggregation, and choose "server_name" as the field, then "add sub-buckets", "X-axis", and choose "Date histogram".

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.