This might be a bit of a strange question and hopefully someone can just point me straight at some documentation. I want to visualize on a text field where I know that part of the message will contain a fixed string (from a small collection of strings, e.g. INFO, WARN, ERROR, CRIT, DEBUG). Ideally I'd like to be able to create a Pie Chart for this to show percentages of each of the types of collection. Can someone point me to or provide me with a simple concise method for doing this?
Try the "Filters" aggregation in Lens to define KQL for each bucket. There's an example of defining this in the Kibana guide. The example has this trended over time, but you could use a pie chart + "filters" aggregation to use a pie (or treemap!). Time series analysis with Lens | Kibana Guide [7.13] | Elastic
Thanks for this - our current implementation of Kibana doesn't sadly have Lens installed, it would seem. Is there another way?
Also, it appears as though there are things in our message string over and above this that start with specific phrases (e.g. "Glue Crawler", "Unknown Exception", "unexpected row count", etc.) that would be useful to map. Would such a thing be possible within this framework?
I am using 7.10.2 - I've found a workaround for this particular case but it would be useful if there is a "non-Lens based" methodology I could follow in case this arises in future.
Hi @MWLonKso,
The filters aggregation also exists in the Visualize editor, so there's no need to use Lens if you want to avoid it. The KQL syntax is used in both places, so the tutorial sent by @ghudgins can still be useful.
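As an added example that is not part of the original thread: the Python below builds an Elasticsearch `filters` aggregation request with one named bucket per phrase mentioned above, then shows how pie percentages fall out of the bucket counts. The field name `message`, the aggregation name `by_type`, the sample log lines and the local emulation of phrase matching are assumptions made so that it runs offline.

```python
import json
import re

# Phrases named in the thread; each becomes one named filter bucket.
PHRASES = ["INFO", "WARN", "ERROR", "CRIT", "DEBUG",
           "Glue Crawler", "Unknown Exception", "unexpected row count"]
# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    "2021-06-01 10:00:01 INFO Glue Crawler started",
    "2021-06-01 10:00:05 ERROR Unknown Exception in job 7",
    "2021-06-01 10:00:09 WARN unexpected row count: 0",
    "2021-06-01 10:00:12 INFO job finished",
    "2021-06-01 10:00:15 heartbeat",
]

def build_request(field="message"):
    """Search body with one named match_phrase filter per phrase (field name assumed)."""
    named = {p: {"match_phrase": {field: p}} for p in PHRASES}
    return {"size": 0, "aggs": {"by_type": {"filters": {
        "other_bucket_key": "other", "filters": named}}}}

def tokens(text):
    # Rough stand-in for an analyzed text field: lowercase word tokens.
    return re.findall(r"\w+", text.lower())

def phrase_in(phrase, text):
    p, t = tokens(phrase), tokens(text)
    return any(t[i:i + len(p)] == p for i in range(len(t) - len(p) + 1))

def emulate_response(lines):
    """Count lines per bucket locally, in the shape of a filters-aggregation response."""
    buckets = {p: {"doc_count": 0} for p in PHRASES}
    buckets["other"] = {"doc_count": 0}
    for line in lines:
        hits = [p for p in PHRASES if phrase_in(p, line)]
        for p in hits or ["other"]:  # a line can land in several buckets
            buckets[p]["doc_count"] += 1
    return {"aggregations": {"by_type": {"buckets": buckets}}}

def percentages(response):
    buckets = response["aggregations"]["by_type"]["buckets"]
    total = sum(b["doc_count"] for b in buckets.values())
    return {k: round(100 * b["doc_count"] / total, 1) for k, b in buckets.items() if b["doc_count"]}

if __name__ == "__main__":
    print(json.dumps(build_request(), indent=2))
    print(percentages(emulate_response(SAMPLE)))
```

Filter buckets are not mutually exclusive: a line such as "ERROR Unknown Exception ..." is counted under both labels, so the slices can add up to more than the number of documents. In the Visualize editor the equivalent per-bucket KQL would be a phrase query such as `message : "Glue Crawler"`.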