[solved] Visualization of imported data, not an aggregation

andreas_at_work · March 15, 2017, 9:13am

Hey folks,

some of our network devices do provide aggregated logs like:
timestamp;port(in|out);amount_of_connections
timestamp;80in;5000
timestamp;80out:4321
timestamp;443in;1234
timestamp;443out;1111

we have indexed the data to es and would like to visualize f.e. a bar chart for port 80in with the time in the x-axis and the stored amount of connections.

any kind of bar chart i was able to create do some kind of aggregation and is not using the stored values.

is that somehow possible?

thanks
Andreas

andreas_at_work · March 15, 2017, 1:21pm

solved:
Bar chart
X-Axis => max, min, average (depends on use case), field: port 80in
Y-Axis => date histogram

Brandon_Kobel · March 16, 2017, 11:09am

@andreas_at_work glad to hear you figured it out, and thanks for sharing your solution with others!

system · April 13, 2017, 11:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.