Hello -
I require advice or guidance on how I can deliver the requirement below.
First, the input:
I have several ASCII logs that contain a series of steps that a user performed, each on a single line. For instance, for user 1, the log file on his machine may look like this:
Line #1: USER1 2019/05/20 Launched new tab window
Line #2: USER1 2019/05/20 Created new object
Line #3: USER1 2019/05/20 General viewing
Similarly, user 2 would have different steps he's taken.
Currently, I'm using Filebeat to transfer these files, and this is working successfully. Now I have an index that contains each of these columns, and an attribute that says the LineNumber. The index looks like this:
  "properties" : {
    "userid" : {
      "type" : "text",
      "fields" : {
        "keyword" : {
          "type" : "keyword",
          "ignore_above" : 256
        }
      }
    },
    "msgaction" : {
      "type" : "text",
      "fields" : {
        "keyword" : {
          "type" : "keyword",
          "ignore_above" : 256
        }
      }
    },
    "eventTime" : {
      "type" : "date"
    },
    "lineNumber" : {
      "type" : "long"
    }
  }
}
Requirement:
I'd like to present a pie/donut chart that would show in each sub-bucket (segment) the different actions. For instance, the inner sub-bucket would contain all users' first action (line #1 in all users); and then the second sub-bucket would contain all users' second action.
I sense that in order to achieve this, I need to have the ability for every sub-bucket to say something like "lineNumber is X", changing that for each sub-bucket.
Any advice on how I can achieve this through Kibana, if at all?
Using Elastic, Kibana and Logstash v6.6.1
Thanks,
George