Want Pie Chart Grouped By Browser Name/Version

Elastic Stack Kibana
1

Environment
Windows 7
Elasticsearch v1.7.0
Logstash v1.5.4
Kibana v4.1.1
My data is an Apache Access Log File.

After running the grok filter {COMBINEDAPACHELOG}, date filter, agent filter,
I have used logstash to create a new field named browser_full_name.
browser_full_name is populated with a concatenation of browser name, major version
Example Internet Explorer 10.0, Internet 9.0

I want to create a pie chart that shows the count of the browsers grouped by browser full name.

I need help creating a Kibana Pie Chart. I am trying to figure out how to group the data in the browser_full_name field and display the data in a pie chart. I am not sure how I can aggregate my data by unique values within the new browser_full_name field.

Example "Internet Explorer 10.0", "Internet Explorer 9.0", "Google Chrome 33.0"

Can someone tell me how to create a pie chart using Kibana v4.1.1?

Here is my logstash.conf
input {
file {
path => "c:/websites/elkstack/logs/*"
sincedb_path => "c:/websites/elkstack/logs/sincedb"
start_position => "beginning"
}
}

filter {
if [path] =~ "access" {
# populate type
mutate {
replace => { type => "apache_access" }
}

if [user-agent] != "-" and [user-agent] != "" {
  useragent {
    add_tag => [ "UA" ]
    source => "user-agent"
  }
}

if "UA" in [tags] {
  if [device] == "Other" { mutate { remove_field => "device" } }
  if [name]   == "Other" { mutate { remove_field => "name" } }
  if [os]     == "Other" { mutate { remove_field => "os" } }
}

# apply grok filter for apache combined access log format
grok {
  match  => { "message" => "%{COMBINEDAPACHELOG}" }
}

# apply date filter to standardize date format
date {
  locale => "en"
  match  => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}

# apply user agent filter
# create new agent and os related fields
useragent {
  source => "agent"
}

# add new field named browser_full_name
# populate broser_full_name with concatenate fields name major.minor
mutate {
  add_field => { "browser_full_name" => "%{name} %{major}.%{minor}" }
}

} else if [path] =~ "error" {
# set type to apache_error
mutate {
replace => { type => "apache_error" }
}

} else {
# set type to random_logs
mutate {
replace => { type => "random_logs" }
}
}
}

output {
elasticsearch {
host => "localhost"
protocol => "http"
cluster => "bonza"
index => "testnebraska"
}

stdout {
codec => rubydebug
}
}

2

Check out https://www.elastic.co/blog/kibana-4-video-tutorials-part-1, if you still have problems then show us what you're done and where you're stuck :slight_smile:

3

Thank you for your reply. Turns out that the solution was that I had to create a mapping that set the "browser_full_name" field index mapping attribute to "not_analyzed" (before I indexed my data) so that I could perform exact matches vs full-text searches. Now I am able to create a pie chart and aggregate terms on the "browser_full_name" field. Hope this helps someone else.