To generate a bar graph for the given scenario

I have a log from which I need to extract the state field and generate a bar graph for the state transitions that the logs have gone through for a given NexthopId. Please help me with this scenario.

LOGS:
2020-03-06 09:36:50.775744749 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 4, event 0, NexthopId 44000"
2020-03-06 09:36:51.548239404 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 5, event 3, NexthopId 44001"
2020-03-06 09:36:52.778379389 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 5, event 0, NexthopId 44001"
2020-03-06 09:36:52.801907464 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 7, event 4, NexthopId 44001"

Here is my logstash config file:

input {
  file {
    path => ["/home/hari/ndppro/ndp2a.log"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  grok {
    break_on_match => false
    pattern_definitions => { "mssg" => "((Msg|message|Message|message1|message2) [=])" }
    match => {
      # Single-quoted so the literal double quotes around the payload do not end the string.
      "message" => ['%{TIMESTAMP_ISO8601:timestamp} %{WORD:node}:%{WORD:program}:%{INT:pid} %{WORD:tracetype}.*%{mssg} "%{GREEDYDATA:Message}"']
      "Message" => ["NexthopId %{WORD:next_hop_id}", "state %{WORD:state}", "event %{WORD:event}"]
    }
  }

  mutate {
    remove_field => [ "message" ]
  }

  # Map the numeric state to a readable name.
  translate {
    field => "[state]"
    destination => "[state_name]"
    dictionary => {
      "0" => "Unknown"
      "1" => "No state"
      "2" => "Unreachable"
      "3" => "Incomplete"
      "4" => "Reachable"
      "5" => "Stale"
      "6" => "Delay"
      "7" => "Probe"
    }
    fallback => "Invalid state"
  }

  # Map the numeric event to a readable name.
  translate {
    field => "[event]"
    destination => "[event_name]"
    dictionary => {
      "0" => "NC6_TIME_EXP"
      "1" => "NC6_RS_IN"
      "2" => "NC6_RA_IN"
      "3" => "NC6_NS_IN"
      "4" => "NC6_SOL_NA_IN"
      "5" => "NC6_UNSL_NA_IN"
      "6" => "NC6_NUD_HINT"
      "7" => "NC6_RT_ADD"
      "8" => "NC6_RT_DELETE"
      "9" => "NC6_ND6_FREE"
      "10" => "NC6_L2IFL_DOWN"
      "11" => "NC6_MAC_MOVE"
      "12" => "NC6_IFL_DOWN"
      "13" => "NC6_RT_CHANGE_TO_TIMER"
      "14" => "NC6_RT_CHANGE_TO_PERM"
      "15" => "NC6_RT_CHANGE_MAC"
      "16" => "NC6_PKT_OUT"
    }
    fallback => "Invalid event"
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}

Does that ingest script work? What problems are you having?

Hi,

The script works fine. Now I have a scenario where I must generate a graph that shows the state transitions for a given nexthop Id.

I went through Kibana visualisation, but I am not able to figure out how to display state transitions.
Can you please help me out?

What does a document look like? It's pretty hard to figure that out from an ingest script.
Normally you can display the latest value of a document and do a split by term on NexthopId.
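
An added example, not part of the thread and not code from any poster: a Python sketch that derives per-NexthopId state transitions from the log format quoted in the question, which is the series a transition bar graph would plot. The function names are hypothetical, the state names are copied from the translate dictionary in the config, and it assumes the timestamps are fixed-width so they sort as strings.

```python
import re
from collections import Counter, defaultdict

# State names copied from the translate dictionary in the Logstash config.
STATE_NAMES = {0: "Unknown", 1: "No state", 2: "Unreachable", 3: "Incomplete",
               4: "Reachable", 5: "Stale", 6: "Delay", 7: "Probe"}

# Matches the log format shown in the question.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \S+ \S+ message = '
    r'".*?state (?P<state>\d+), event (?P<event>\d+), NexthopId (?P<nh>\d+)"')

# Sample input: the four log lines quoted in the question.
SAMPLE_LOG = '''\
2020-03-06 09:36:50.775744749 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 4, event 0, NexthopId 44000"
2020-03-06 09:36:51.548239404 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 5, event 3, NexthopId 44001"
2020-03-06 09:36:52.778379389 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 5, event 0, NexthopId 44001"
2020-03-06 09:36:52.801907464 re0:ndp:25786 lltp_debug message = "NDP-DBG:NC_FSM_HANDLER:1634:: state 7, event 4, NexthopId 44001"
'''.splitlines()

def name(state):
    """Readable state name, with the same fallback as the config."""
    return STATE_NAMES.get(state, "Invalid state")

def parse(lines):
    """Yield (timestamp, nexthop_id, state) for every line that matches."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["nh"], int(m["state"])

def transitions(lines):
    """Count (from_state, to_state) changes per NexthopId in time order."""
    last, counts = {}, defaultdict(Counter)
    for _ts, nh, state in sorted(parse(lines)):
        prev = last.get(nh)
        # A repeated state (same state, new event) is not counted as a transition.
        if prev is not None and prev != state:
            counts[nh][(name(prev), name(state))] += 1
        last[nh] = state
    return counts

def bar_rows(counts, nexthop_id):
    """Text bars for one NexthopId, most frequent transition first."""
    return [f"{a} -> {b} | {'#' * n} {n}"
            for (a, b), n in counts.get(nexthop_id, Counter()).most_common()]

if __name__ == "__main__":
    for row in bar_rows(transitions(SAMPLE_LOG), "44001"):
        print(row)
```

The same previous-state pairing has to exist as a field on each document before a visualisation can aggregate on it, since a single indexed event only carries its own state.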