Good day,
I am relatively new to the ELK stack and still getting used to how things are done.
I am working on a solution to provide ATM statuses (whether up or down) in the form of a dashboard.
I have a csv file that looks something like this:
Time,"ATM_Id",Location,City,Branch,PingStat,Network,Status,
"2024-04-17 10:25:00",151,"ATM #1","Some City 1",N,Succeeded,CONNECTED,WORKING
"2024-04-17 10:25:00",4151,"ATM #2","Some City 2",N,Succeeded,CONNECTED,WORKING
"2024-04-17 11:00:00",13,ATM #3,"Some City 3",N,Succeeded,CONNECTED,DOWN
"2024-04-17 11:05:00",13,ATM #4,"Some City 3",N,Succeeded,CONNECTED,WORKING
I have successfully managed to get the data inside of Elasticsearch; however, I am having a hard time figuring out how I would display the latest updated instance of the records, aggregated by atm_id. I was able to create a query and a corresponding table, but this just dumps all the records from the csv file.
From the sample above, I would want to create a table that would display the data back to the user to depict the current status of the ATM. Note that though there are 4 records in the file, there are only 3 unique ATMs so the result should only contain 3 rows as follows:
CITY         LOCATION  ATM ID  STATUS
Some City 1  ATM #1    151     WORKING
Some City 2  ATM #2    4151    WORKING
Some City 3  ATM #3    13      WORKING * (Since this is the most recent update in the file for this ATM)
I hope I have been able to provide sufficient details, and any assistance would be really appreciated as I start my ELK journey.
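As an added example, not part of the original post: the "newest record per ATM_Id" reduction the post asks for, done two ways. First locally over the CSV (so you can check what the expected table is), then as the Elasticsearch request body that produces the same result on the index, using a `terms` aggregation on the ATM id with a `top_hits` sub-aggregation sorted by time descending and `size: 1`. The field names `ATM_Id` and `Time`, the index mapping (numeric id, date field) and the sample rows are assumptions copied from the shape of the CSV in the post; adjust them to the actual mapping.

```python
"""
Latest status per ATM: a local reduction over the CSV and the equivalent
Elasticsearch aggregation (terms on ATM_Id + top_hits sorted by Time desc).
"""
import csv
import io
import json
from datetime import datetime

# Constructed sample mirroring the CSV in the post, including the header's
# trailing comma, which yields an empty ninth column name.
SAMPLE_CSV = """Time,"ATM_Id",Location,City,Branch,PingStat,Network,Status,
"2024-04-17 10:25:00",151,"ATM #1","Some City 1",N,Succeeded,CONNECTED,WORKING
"2024-04-17 10:25:00",4151,"ATM #2","Some City 2",N,Succeeded,CONNECTED,WORKING
"2024-04-17 11:00:00",13,ATM #3,"Some City 3",N,Succeeded,CONNECTED,DOWN
"2024-04-17 11:05:00",13,ATM #4,"Some City 3",N,Succeeded,CONNECTED,WORKING
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_rows(text):
    """Parse the CSV text into dicts, dropping the empty trailing column."""
    reader = csv.DictReader(io.StringIO(text))
    rows = []
    for row in reader:
        row.pop("", None)      # header ends with a comma -> empty key, value None
        row.pop(None, None)    # surplus unnamed values, if a line had extra fields
        row["ATM_Id"] = int(row["ATM_Id"])
        row["Time"] = datetime.strptime(row["Time"], TIME_FORMAT)
        rows.append(row)
    return rows


def latest_status_per_atm(rows):
    """Keep only the most recent record per ATM_Id (on a tie, the later row wins)."""
    latest = {}
    for row in rows:
        current = latest.get(row["ATM_Id"])
        if current is None or row["Time"] >= current["Time"]:
            latest[row["ATM_Id"]] = row
    # One row per ATM, in the column order of the table in the post.
    return [
        {"City": r["City"], "Location": r["Location"],
         "ATM_Id": r["ATM_Id"], "Status": r["Status"]}
        for r in sorted(latest.values(), key=lambda r: r["ATM_Id"])
    ]


def latest_per_atm_query(max_atms=500):
    """Elasticsearch search body: one bucket per ATM_Id, newest document per bucket.

    Assumes ATM_Id is indexed as a numeric or keyword field and Time as a date.
    `size: 0` suppresses the raw hits; only the aggregation comes back.
    """
    return {
        "size": 0,
        "aggs": {
            "per_atm": {
                "terms": {"field": "ATM_Id", "size": max_atms},
                "aggs": {
                    "latest": {
                        "top_hits": {
                            "size": 1,
                            "sort": [{"Time": {"order": "desc"}}],
                            "_source": ["Time", "ATM_Id", "Location", "City", "Status"],
                        }
                    }
                },
            }
        },
    }


def flatten_response(resp):
    """Turn the aggregation response into the same table shape as latest_status_per_atm."""
    table = []
    for bucket in resp["aggregations"]["per_atm"]["buckets"]:
        src = bucket["latest"]["hits"]["hits"][0]["_source"]
        table.append({"City": src["City"], "Location": src["Location"],
                      "ATM_Id": src["ATM_Id"], "Status": src["Status"]})
    return sorted(table, key=lambda r: r["ATM_Id"])


if __name__ == "__main__":
    for line in latest_status_per_atm(parse_rows(SAMPLE_CSV)):
        print(f'{line["City"]:<12} {line["Location"]:<8} {line["ATM_Id"]:<6} {line["Status"]}')
    print(json.dumps(latest_per_atm_query(), indent=2))
```

On the sample data this yields three rows, one per ATM id, and for id 13 the 11:05 record (WORKING) rather than the 11:00 one (DOWN). Note that `terms` aggregations are approximate only when the bucket count exceeds `size`, so keep `max_atms` above the number of ATMs in the fleet. In Kibana, the same thing is available in a Lens data table by using a "Last value" metric on Status (sorted by Time) with ATM_Id as the row dimension.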