Vega-Lite in Kibana visualization problem

martinez06 · April 25, 2023, 8:40am

Hi,
Im trying to create a custom vizualization using Vega-Lite in Kibana. I have the source data:
syslog_ip_address, syslog_url,syslog_status. For each ip address i check status of three url and i want to visualise it in dashboard. I created the below code but i cant aggregate it how i want.
Now when one of the pages stop responding i dont see which site and from wchich ip address

{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "data": {
    "name": "check_data",
    "url": {
      "index": "logs-filebeat.d365*",
      "body": {
        "_source": ["@timestamp", "syslog_ip_address", "syslog_url", "syslog_status"],
        "size": 200
      }
    },
    "format": {"property": "hits.hits"}
  },

   "facet": {
    "field": "_source.syslog_ip_address",
    "columns": 4,
    "title": "IP Addresses"
  },
    
  
  "spec": {
    "layer": [
      {
        "mark": {"type": "text"},
        "encoding": {
          "text": {"field": "_source.syslog_status"},
          "color": {"value": "white"}
        }
      },
      {
        "mark": {"type": "rect"},
        "width": 60,
        "height": 40,
        "encoding": {
          "href": {"field": "_source.syslog_url"},
          "color": {
            "condition": {
              "test": "datum._source.syslog_status == '200'",
              "value": "green"
            },
            "condition": {
              "test": "datum._source.syslog_status != '200' ",
              "value": "red"
            },
            "value": "green"
          }
        }
      },
      {
        "mark": {"type": "text"},
        "encoding": {
          "text": {
            "condition": {
              "test": "datum._source.syslog_status == '200'",
              "field": "_source.syslog_status"
            },
            "condition": {
              "test": "datum._source.syslog_status != '200'",
              "value": "PROBLEM"
            },
            "value": "OK"
          },
          "color": {"value": "white"}
        }
      }
    ],
  }
}

I woudl be greatfull for help

nickpeihl · April 26, 2023, 6:12pm

I would start by confirming that your data.url.body query is returning the data you want. It looks like it will return up to 200 logs. You can check the query results in your Kibana Dev Console.

POST logs-filebeat.d365*/_search
{
  "_source": ["@timestamp", "syslog_ip_address", "syslog_url", "syslog_status"],
  "size": 200
}

But these logs might return multiple results for the same IP address. Maybe you want to only get the syslog_status for the latest status for each IP address? In that case, I would suggest using a top hits aggregation like this example.

system · May 24, 2023, 6:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Vega-Lite problem with the visualization Kibana vega	2	334	July 18, 2023
Vega: text information when dont get logs Kibana vega	1	185	June 23, 2023
Configure visualization from dashboard Kibana vega	3	35	September 23, 2024
Urgent: How to Create Custom Visualization (Vega) In Kibana to analyse Apache logs Kibana	3	264	April 30, 2019
Vega Lite Table Output Option Kibana	4	8494	April 16, 2018

Vega-Lite in Kibana visualization problem

Related Topics