Visualizing Pre-aggregated Data

susrich0810 · July 25, 2016, 3:53pm

We've created a python script to pre-aggregate our data, and then re-index it into ES. We've done that part successfully, and we get re-indexed logs similar to the following:

{
"message" => " ... message from file ... ",
"@version" => "1",
"@timestamp" => "2016-07-25T15:36:17.8612",
"path" => "/path/to/my/file/filename",
"host" => "host-server",
"country" => {
"country_code" => "US",
"total_ip_count" => 252,
"unique_ip_count" => 31,
},
"company-department-name" => "dept1",
company-region" => "SW",
"system-name" => "FINANCE"
}

In the above log, and all other similar logs, I want to be able to visualize each country, and its corresponding 'total_ip_count', or 'unique_ip_count' in bar charts, etc. How can this be done?

Please let me know!

tsullivan · July 25, 2016, 8:07pm

You'll want to select the metric to measure for your Y-Axis. For example if you want the see the average of your IP counts, you'll set "Aggregation" to "Average" and "Field" to total_ip_count.

Then for the X-Axis, you'll set "Aggregation" to "Terms" and select country.country_code as the field.

That will bucket the average IP Counts per country code in the bar chart.

susrich0810 · July 26, 2016, 1:30pm

Great, thanks Tim!

Topic		Replies	Views
Data is already aggregated in logstash feed, how to create a Kibana UI on this aggregated metrics Kibana	9	536	April 30, 2020
Vertical Bar Unique Count all counts = 1 Kibana	7	1070	April 11, 2021
Kibana Visualization of bucket aggregation data Kibana	5	1802	February 7, 2023
Trying to build a table visualization with multiple aggregations Kibana	2	2231	April 28, 2021
Visualising field values as count metric in Kibana Kibana	3	7883	August 29, 2017

Visualizing Pre-aggregated Data

Related Topics