Need to generate response time graphs from apache logs, average and pct95

lserranov · June 21, 2018, 9:33pm

Hi,

As a user, some time back I was able to generate Response Time graphs (Average and pct95) from apache logs. X axis was time, In Y axis there were 2 lines, pct95 and average. So I would assume I know how to do them.

Now, as a sysadmin, I just setup ELK system and I'm trying to do simmilar graphs. So I chose to create a "Line" Visualization. In there for X-axis I chose Date Histogram, no problem. But in Y axis, I chose: Aggregation = Average, However for Field value, I cannot pickup any field from the Apache logs, they do not show in the list. All I can chose is "offset" which doesn't help.

The question here is, what is the configuration I need to do so that in the Filed choice of the Line visualizations I can see and chose say response_time coming from apache logs?

Thanks
Luis

lserranov · June 21, 2018, 11:00pm

I went ahead and I checked my index. Looks like the field that I want looks like this:

Name, Type, Format, Searchable, Agreeable, Excluded
===== ==== ======= ========= ========= =======
server_time, String, "empty",yes, "empty" ,"empty"

I wonder:

If this could be the cause of nothing been available in the "Field" field
Now I wonder how Logstash is able to digest the log ok and it is able to populate field but with wrong type, string instead INT as I chose.

Thanks!

lserranov · June 21, 2018, 11:27pm

In logstash, in grok, made sure to capture server_time as i read from somewhere:

INT:server_time:int

I recreated the index and still I see the server_time field as I reported earlier:

Name, Type, Format, Searchable, Agreeable, Excluded
===== ==== ======= ========= ========= =======
server_time, String, "empty",yes, "empty" ,"empty"

I wonder what do I need to do in order to force Kibana (or whoever) to take server_time as integer? I'm assuming that this is the cause of field FIELD in visualizations not showing any value.

Thanks

lserranov · June 22, 2018, 2:55am

I figured that I needed to reindex the index to have the proper type for the server_time field.

After doing that, now I see server_time in the Field component on the Visualize menu.

I do not need extra help.

Thanks

system · July 20, 2018, 2:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.