I have inserted custom logs in my application for response of different web services. I need to build a visualisation having count of all logs with status "success" and "fail" corresponding to particular serviceEndpoint.
The most straight-forward way to do that is to create a table visualization with 3 columns: service endpoint, status, document cound. You can do that with the "Data table" visualization. Just go to "Visualize" and create a new data table visualization there. Then add a terms aggregation in the buckets section for the split by service end point and another terms aggregation for split by status.
While using term aggregation in bucket section, the specific value serviceEndPoint and status are not available. Can you please expand the view and send show me.
If you are using the default mapping, then serviceEndpoint and status are indexed as text fields, but the terms aggregation only works on keyword-indexed fields. You should be able to use serviceEndpoint.keyword and status.keyword for the terms aggregation though - These fields are automatically generated by elasticsearch and are the keyword-indexed version of the actual field of your ingested data.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
