I am using ELK to gather and keep track of all the logs (especially exceptions) from my WebLogic servers.
Now I am getting all the logs and exceptions, but I want to see the unique and new exceptions in Discover every time Logstash finishes its job.
Is there a way I can achieve the above? As of now I am searching the logs for different exceptions and saving the search.
You might want to think about using a visualization to track the number of different types of exceptions in time buckets. You can create a bar chart or area chart and split the series using a terms aggregation on exception type. With auto-refresh enabled for the visualization or dashboard, you will see new events as they come in from Logstash.
I have some visuals, but for those I have to define the query. For example, if I have to create a visual showing an exception's count, I have to tell Kibana first that I am looking for this specific exception.
What I exactly want is for Kibana to handle and display the count of all the unique exceptions by itself. Like after every Logstash scan, a Kibana visual should display a list or graph of all the unique exceptions that Logstash extracted from the logs.
When you create a visualization with buckets such as a bar chart or area chart, there is an option to split the chart series by an aggregation. Choose a Terms aggregation, choose the field for exception event type to aggregate by, and give it a size of terms to look for. Then the visualization will have multiple series where each one correlates to an event type.
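What the Terms split described above computes, shown as an added example that is not part of the original thread: exception counts per time bucket without naming any exception in advance, plus the types first seen in the latest bucket. The log line format, the regex and all function names are assumptions; in ELK the exception type would need to be extracted into its own field for the Terms aggregation to use.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (not real WebLogic output); the format is an assumption.
SAMPLE_LOGS = """\
2016-03-01T10:05:12 ERROR java.lang.NullPointerException: null at com.example.Foo
2016-03-01T10:17:40 ERROR java.sql.SQLException: connection closed
2016-03-01T10:48:03 ERROR java.lang.NullPointerException: null at com.example.Bar
2016-03-01T11:02:59 ERROR java.lang.NullPointerException: null at com.example.Foo
2016-03-01T11:20:31 ERROR javax.naming.NameNotFoundException: jdbc/ds not bound
2016-03-01T11:21:00 INFO  Server state changed to RUNNING
""".splitlines()

# Fully qualified Java class name ending in Exception or Error.
EXC_RE = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))\b")

def parse(lines):
    """Return (hour_bucket, exception_type) for each line naming an exception."""
    events = []
    for line in lines:
        m = EXC_RE.search(line)
        if m:
            ts = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%S")
            events.append((ts.replace(minute=0, second=0), m.group(1)))
    return events

def terms_by_bucket(events, size=5):
    """Per time bucket, the top `size` exception types by count (a terms split)."""
    buckets = defaultdict(Counter)
    for bucket, exc in events:
        buckets[bucket][exc] += 1
    return {b: c.most_common(size) for b, c in sorted(buckets.items())}

def new_in_latest(events):
    """Exception types whose first appearance is in the most recent bucket."""
    first_seen = {}
    for bucket, exc in sorted(events):
        first_seen.setdefault(exc, bucket)
    latest = max(b for b, _ in events)
    return sorted(e for e, b in first_seen.items() if b == latest)

if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    for bucket, terms in terms_by_bucket(events).items():
        print(bucket.isoformat(), terms)
    print("new in latest bucket:", new_in_latest(events))
```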