Hi,
I am unsuccessfully trying to get a visualization of ordered ratio.
After reading various posts/questions/requests I start to doubt that what I am
looking for is (yet) available through Kibana, but as a I am a newbie and some
of the post might be outdated, I thought I should better ask.
Here is the context: we are handling several hundreds of "institutions" and would
like to spot the ones that have a large request failure rate (aka,
the ones we should worry about).
As we are dealing with large institutions (with thousands of
requests) and small ones (generating a modest amount of requests), I can't rely
on a count of failed requests, and need to examine a success/failure ratio.
In addition, as we have hundreds of institutions, we can't display the ratio for
each one of them on a single visualization, and would need to get a "top
10/20/human-friendly-number".
I tried a vertical stacked bar visualization of the success and failure in
percentage mode, but I can't find a way to get my institution ordered according
to a percentage.
To get a better idea, my problem is similar to the one depicted on this post:
Kibana - Customize order by using percentage from count aggregation
I also looked into Timelion visualizations, as it allows to compute ratios and to
apply conditions. I can easily compute failure ratios and display the pathological one (let's say over 50%) through something like
.es('log:failure').divide(.es()).if(gte, 0.5, .es('log:failure').divide(.es()).multiply(100), null).
My problem is then to find a way to apply it for each institutions.
My list is too long (and evolving) for me to apply filters
individually in the command. Ideally, I would like to use split, but I
don't know that is possible to carry the "Institution" into the divide
section (as far as I know regex are only supported into label() ).
.es('log:failure', split=Institution:X).divide(.es( institution-target-of-the-previous
-split? )).if(gte,0.5, ..., null)
If you have any idea or suggestion about how to address this problem, or if I
overlooked or missed something, please let me know. Any help would be greatly appreciated. 