Visualization in timeline format

Leandro_Salamaia · May 26, 2023, 3:23pm

I need to create a view in kibana that shows the time difference between a Status true message and a Status false message but I haven't found a way yet
if anyone can give me some tips

log example

Device:S0101 Status:1 Date:2023-05-25T15:10:01:440
Device:S0101 Status:0 Date:2023-05-25T15:11:01:440
Device:S0101 Status:1 Date:2023-05-25T15:17:01:440
Device:S0102 Status:1 Date:2023-05-25T15:20:01:440
Device:S0102 Status:0 Date:2023-05-25T15:21:01:440
Device:S0102 Status:1 Date:2023-05-25T15:27:01:440

I need something similar to this graphic image

jsanz · June 1, 2023, 4:51pm

I don't think you can do that directly at this moment. With logstash you can process your documents to generate new data with the start and end times. Check this other thread

The elapsed filter for logstash is suggested as the correct tool for this task

Then once you have individual documents with start/end properties you can use the Vega visualization type and ranged bar masks as in this example:

I understand is not a great answer, maybe there's a more straight forward path.

Leandro_Salamaia · June 3, 2023, 1:35am

Hello @jsanz thanks for the help I used the Gantt Chart that you indicated and it worked perfectly.

regarding logstash I took another approach which was to insert a start date and an end date of the event in the document

then as I send the messages through C# at the beginning of the event the end date comes out empty so when it ends I retrieve the document and update it with the end date.

system · July 1, 2023, 1:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.