Visualizing Pre-aggregated Data

susrich0810 · July 25, 2016, 3:53pm

We've created a python script to pre-aggregate our data, and then re-index it into ES. We've done that part successfully, and we get re-indexed logs similar to the following:

{
"message" => " ... message from file ... ",
"@version" => "1",
"@timestamp" => "2016-07-25T15:36:17.8612",
"path" => "/path/to/my/file/filename",
"host" => "host-server",
"country" => {
"country_code" => "US",
"total_ip_count" => 252,
"unique_ip_count" => 31,
},
"company-department-name" => "dept1",
company-region" => "SW",
"system-name" => "FINANCE"
}

In the above log, and all other similar logs, I want to be able to visualize each country, and its corresponding 'total_ip_count', or 'unique_ip_count' in bar charts, etc. How can this be done?

Please let me know!

tsullivan · July 25, 2016, 8:07pm

You'll want to select the metric to measure for your Y-Axis. For example if you want the see the average of your IP counts, you'll set "Aggregation" to "Average" and "Field" to total_ip_count.

Then for the X-Axis, you'll set "Aggregation" to "Terms" and select country.country_code as the field.

That will bucket the average IP Counts per country code in the bar chart.

susrich0810 · July 26, 2016, 1:30pm

Great, thanks Tim!

Topic		Replies	Views
[solved] Visualization of imported data, not an aggregation Kibana	3	507	April 13, 2017
Data is already aggregated in logstash feed, how to create a Kibana UI on this aggregated metrics Kibana	9	536	April 30, 2020
Aggregation on script field Kibana	2	400	July 6, 2017
Vertical Bar Unique Count all counts = 1 Kibana	7	1079	April 11, 2021
Kibana Visualization of bucket aggregation data Kibana	5	1850	February 7, 2023

Visualizing Pre-aggregated Data

Related topics