Hi, welcome to the forums! If I understand your description, you have logs that are structured like this:
{ timestamp: 2021-01-01, totalExpected: 5, jobId: 1 }
{ timestamp: 2021-01-02, inSuccess: 2, inError: 1, jobId: 1 }
{ timestamp: 2021-01-02, inSuccess: 3, inError: 2, jobId: 1 }
Where you are tracking the change in status over time. There are two major reasons that your problem is hard in Kibana:
-
You are trying to correlate something from one document to a later document. You can't do this in a single query, and Kibana is fundamentally a single-query system. To fix this, you need to change the way your data is stored so that all the related info is stored together.
-
The pie chart visualization in Kibana is one of the least powerful tools we offer, and does not support any kind of dynamic coloring.
The first problem is your most critical. You do need to change your data so that you can store all the related data in one document. Most likely, you should do this as a separate index that contains the output data. For the documents I listed above, here is the only output I think you need:
{
latestTimestamp: 2021-01-02
totalExpected: 5
completed: 3
errorCount: 2
jobId: 1
}
This is called an entity-centric index, and is a very common pattern. We offer a tool to set up background jobs that do this automatically: