Discuss the Elastic Stack

Timelion expression

Elastic Stack Kibana

koushickvikram (Koushick Vikram) December 11, 2018, 7:41am 1

**

Timelion expression required

**

Hi All,
Below is the log format in our organisation, please let me know the expression for creation of TIMELION which can show us the graph of Response code : 200

Thanks in advance.

LOG:

@timestamp		December 11th 2018, 13:06:36.000
t _id		xxxxxxxxxxxx
t _index		xxxxxxxxxxxx
# _score		-
t _type		nginx-logs
t agent		xxxxxxxxxxxx
t appid		nginx
# bytes		46
t domain		xxxxxxxxxxxx
t fields.bank		xxxxxxxxxxxx
t fields.env		Production
t host		xxxxxxxxxxxx
t message		xxxxxxxxxxxx
# proc_time		0.022
t remote_ip		xxxxxxxxxxxx
t request		xxxxxxxxxxxx
t response		200
t source		xxxxxxxxxxxx
t tags		xxxxxxxxxxxx
t timestamp		11/Dec/2018:13:06:36 +0530
t upstream_addr		xxxxxxxxxxxx
t user_agent.build
t user_agent.device		Other
t user_agent.major		40
t user_agent.minor		0
t user_agent.name		Firefox
t user_agent.os		Windows 7
t user_agent.os_name		Windows 7
t verb		GET

jen-huang (Jen Huang) December 11, 2018, 10:09pm 2

Hi, the expression will depend on what you want to visualize. Please see the following references as a starting point:

https://www.elastic.co/guide/en/kibana/current/timelion.html

Your initial expression to filter to 200 response code may look something like this:
.es(q='response:200')

system (system) Closed January 8, 2019, 10:09pm 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.