Hello.
I have a field "UserId" in the logs
When the user is not authorized his id is 0
I want to create a Visualize Pie where there are two parts:
one log with UserId==0, in the other all others
Tell me how to do this?
Whether to use JSON-input?
kibana 6.3.2
Easy Way : 2 Visualizations
First one : Add filter with "Userid is "0"" ,
Second one : add Filter with "UserId is not "0""
If you want to split the same PIE
you can do it like this
1 Like
excellent! thank you very much:grinning:
I have tried UserId!=0 and it did not work)))
Metrics I expose as unique count on a field with a hash on hadrware PC.
that is, I have one pc that counts as authorized and as unauthorized.
Is it possible to solve this problem somehow?
thank you
I don't really understand what you mean.
You already have a filter , so why using unique count ?
In your filter you may should write : UserId.keyword:0 instead of UserId:0
for example ...
At me in logs 100 UniqueCode is a computer hash.
40 uniq - not logged in
40 uniq - authorized
and 20 uniq has logs where they were not authorized, and then logged in.
Now it will show me how 50/50%
I want 60/40%
That is, filter the unique count fields by metric, then UserId: 0, then from the remainder !UserId: 0
I want that when adding UserId: 0 and !UserId: 0 it turned out 100, not 120
1 Like
There is an inconsistency in your explanation . Or there's something I misunderstood.
What are all the possibles values of the UserId field ?
0 (if not authorized), 132, 435, 634, 574 - number Type.
I can have such logs:
{
UniqueCode : "FH5435DGFHJ63DXFRH98LOG34CDG12SCA";
UserId : 0
}
//--
{
UniqueCode : "FH5435DGFHJ63DXFRH98LOG34CDG12SCA";
UserId : 112
}
//--
{
UniqueCode : "1EF2SDFSD4GER5WRPI3F2FEF5WF4WF1EF2";
UserId : 0
}
3 logs.
User 112 launched the application, went to the log, and after the user was authorized.
I want that in this case the pie would be divided 1 to 1, not 1 to 2.
Ok , tell me if i'm right :
the "user" referecend by FH5435DGFHJ63DXFRH98LOG34CDG12SCA lauched the app so his useriD is set to 0,
And then got authorized so the userid is set to 112 ..
Am i Right ?
yes. And I need to somehow ignore the logs where useriD set to 0 if it is later authorized
Awww, Ok , I got it ..
Hummm... It's totally different of what i was thinking
You can try to do it by writting weird lucene query
In the filter input you can write any lucene expression .
which make this query
You can try something in this way ..
Thanks, tomorrow I'll try.
and where you can read about what?
jesus: kebab and analyze_wildcard......
what does it mean
I did not read about that anywhere , it's something i've found by myself . I don't know where the doc is .
jesus:kebab mean you will search the field jesus with value kebab (i wrote this just for example)
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.