Try to build a Visualization and Dashboard for displaying LOG

Elastic Stack Kibana
1

Hello;

I have installed Elasticsearch and kibana 5.2 (on a RH 7.3).

Then I use the rsyslog plugin OMELASTICSEARCH to display log files.
In the first window "DISCOVER" of KIBANA, content of log files are correctly displayed.

Now I want to build a "VISUALISATION" of these log's in order to build next a dashboard for displaying in "real-time" the messages that are inside my log files.
I want to make a little like that, but in simpler!
It is especially the right lower part who interests me
Kibana-LOG

First, in VISUALISATION tab, which "GRAPH" do I have to chose?
In Y axis, which do I have to put? And for X?

Thank you very much.
Pierre S

2

Hi Pierre,

It looks like the part which is interesting you is a saved search. Dashboards in Kibana can have both saved searches and visualizations. Here is what you need to do.

  1. Go to discover. Click on column next to the fields that interest you.

add_column
add_column.png3840Ă—2160 1.35 MB

  1. Once you add them - this is how they look:

look_at_the_result
look_at_the_result.png3840Ă—2160 912 KB

  1. Save the result:

save_example
save_example.png3840Ă—2160 862 KB

  1. Add them to dashboard:
    add_dashboard
    add_dashboard.png3840Ă—2160 768 KB

Voila there you go :slight_smile:
Let me know if you need more help.

Thanks,
Bhavya

1 Like
3

Hello bhavyarm;

Thank you very much for your very precise reply.

OK, I have do that and it works fine.

But, this dashboard displays log files content by slice of time (15 mn by defaut).
Do you know if is it possible to display on the screen the permanent and dynamic continuous flow of messages?

Thank you.
Pierre S.

4

Hi Pierre,

Glad that worked.

You can change the date on your dashboard by using the timepicker. It's in the upper right corner. And you have three modes: quick, relative and absolute. It's sort of a global variable too. So if you navigate between discover, dashboard and visualizations - it remains the same.

time_picker
time_picker.png3840Ă—2160 801 KB

Our Kibana docs are here: https://www.elastic.co/guide/en/kibana/5.6/index.html

Here are the details about timepicker: https://www.elastic.co/guide/en/kibana/5.6/set-time-filter.html

Cheers,
Bhavya

5

Hello bhavyarm,

I had seen this job function, which is well presented and very well done.
But, I would have liked that the display changes when the lead time of the autorefresh, for example 5 seconds, arrived.
The display is well refreshed but with the same values;
I will have wanted that the values correspond to the following time interval. It is what one can call a “slipping” window.
Can I do it, and how?

Thank you very much another time.
Pierre S.

6

Sorry, I have found my response.
If I put the well mode (RELATIF) and the good mode also for REFRESH (auto, 5 s) in DISCOVER screen, then in DASHBOARD, I recover these 2 modes , and it works fine.
Fabulous!
Thank you a lot of;
Pierre S.

1 Like
7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.