I'm new at using Kibana and I need some help.
I managed to create some graphics with my datas from Logstash/Elasticsearch (like how many of certain type of message by day), but I'm now stuck with one graphic I need :
The point is to see the evolution of a multistate data (saved as a string in Kibana). This one has 3 states possible, but I can't find a way to use it as an Y-Axis.
Before Kibana, I used some Excel files to create the graph, and I had to convert the string into an integer (so 0, 1 or 2) and then rename the value in the graphic (but that wasn't really that).
Is there a similar way in Kibana or do I need to create the field in Logstash ? Or even better, is there a direct way to use the string in Kibana ?
If you need more details about what I want, please ask. And sorry for my poor english if I made mistakes !
I'm not sure what kind of chart you are trying to create. There's a vertical bar chart. What would be on the X-Axis, time?
Maybe you can post a screenshot of your Excel chart if you still have something like it?
I have another issue with the same graph, can't I put 2 fields to the split lines to have Server + Service or do I need to create a merged field in Logstash too ?
I think to show those values on the Y-Axis you would have convert them to numbers. If you're on Elasticsearch and Kibana 5.0 you can use scripted fields in Kibana with the Painless language. I made one scripted field with this script;
if (doc['name.keyword'].value == "a") return 1;
if (doc['name.keyword'].value == "b") return 2;
if (doc['name.keyword'].value == "c") return 3;
if (doc['name.keyword'].value == "d") return 4;
return 0;
Note that the fields you use like my name.keyword above can not be analyzed strings. If they are strings that have to be keywords.
Or maybe you can use filters, but I don't think you can get the chart to show the string values on the y-axis. In the chart below you see I've added filters for a field geo.dest equaling a certain value. And then I'm getting the count.
Yes I am on 5.0. I created 2 scripted fields and it seems to have the value I expected. That will be usefull thank you !
But your example don't work for my case. The closer look I had is this:
That's look pretty good, but 2 things bother me:
-the view from a big time period, I would like to see the current state at every moment for every server, but my logs only report changes of state. Is there a way to "keep" the last value I missed ? Maybe some kind of dynamic log with the Painless script ?
-this Y-Axis, can I edit it to replace the integer value like I did Excel ? Maybe this json input, I know nothing about it. And can I change the scale interval ?
1). The Advanced JSON Input you mentioned. I do have this example where each doc had a start time and a duration in sections and the user wanted the chart to the totals of everything active at any particular time. So this user could pad the data based on information in each document. Your case is different in that each doc changes a state and doesn't have any information on when the next state change happens. But here's the example;
I gave a look at both solution, but honestly it's pretty for someone knowing nothing about it !
I searched for some syntax base and I found this for JSON, but seems not to work on Kibana.
For Timelion, I'm totally lost !
So is there some kind of list of terms for these 2 options ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
