Trying to understand how to get stacked bar charts

swright-eti · December 18, 2018, 9:01pm

I have data ingested from logs. There is a "log_level" field for each message with possible values of ["INFO", "WARNING", "ERROR"]

I want a bar chart that shows the count of each log level in hourly intervals. So I should have a bar segment for each log level that represents the number of matching documents for that hour.

My first pass at this was to create a Visualization that had 3 counts for Y axes, one for each log level and then adding a query in the JSON input section. That just gave me 3 segments of equal length for each time slot.

I then tried to use sum in the Y axis to get a count of log_level, but it does not appear as a field that I can use.

Not exactly sure how to go about this. I am going to do some digging on the docs, but if anyone can point me in the right direction I would really appreciate it.

Thanks.

swright-eti · December 19, 2018, 12:00pm

Ok I have figure out what I needed to do. The Y-axis is just a count. The X-axis gets 2 buckets. The first is a Date Histogram for @timestamp. The second is a Split Series for terms. In my case the term is log_level. Pretty straightforward actually.

rashmi · December 19, 2018, 6:51pm

Thanks for posting the solution back here.

cheers
Rashmi

system · January 16, 2019, 6:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.