Windows log visualization for a number of events per day

Hi,
I am new to Kibana and I am trying to visualize how many times a particular Windows event happened per day.
For example, let's say I want to count the number of successful logons for a server per day. The relevant Windows event ID is 4624. I am successfully getting the Windows security log via Winlogbeat to my Elasticsearch engine but couldn't figure out the proper settings for a graph.

A vertical bar or a line graph is preferred.
Y-axis should be the count of events with ID 4624 and X-axis should be the day.

Any help is highly appreciated.
Thank you.

Hi @forestgump,

You can do this by choosing the line visualization when navigating to "Visualize" and clicking the "Add new visualization" there.

To have a per-day date histogram on the x axis you have to add a bucket aggregation, select date histogram as the aggregation type and select your time field. In the interval field you can specify the interval (in this case Daily).

To only take the logon events into account you have to apply a filter in the top bar - click "Add filter" there and set it to "your event id field name is 4624".

The filter will be saved along with the visualization.
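
The same filter and daily date histogram written as an Elasticsearch request body, with a local function that reproduces the buckets so the chart can be cross-checked. This is an added example, not part of the original replies. The field name `winlog.event_id` (Winlogbeat 7.x and later; 6.x uses `event_id`), the `winlogbeat-*` index pattern and the sample documents are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

def build_query(event_id=4624, id_field="winlog.event_id", time_field="@timestamp"):
    """Body for POST winlogbeat-*/_search: filter on the event ID, bucket per day."""
    return {
        "size": 0,  # return only the buckets, not the matching documents
        # A string value matches both keyword and numeric mappings of the field.
        "query": {"bool": {"filter": [{"term": {id_field: str(event_id)}}]}},
        "aggs": {"per_day": {"date_histogram": {
            "field": time_field,
            "calendar_interval": "1d",  # Elasticsearch 7.2+; older: "interval": "day"
            "min_doc_count": 0,         # keep days with no events as zero buckets
        }}},
    }

def _get(doc, dotted):
    """Read a dotted field path such as 'winlog.event_id' from a nested document."""
    for key in dotted.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def daily_counts(docs, event_id=4624, id_field="winlog.event_id", time_field="@timestamp"):
    """Apply the same filter and daily bucketing locally, using UTC day boundaries."""
    days = Counter()
    for doc in docs:
        if str(_get(doc, id_field)) != str(event_id):
            continue
        ts = datetime.fromisoformat(_get(doc, time_field).replace("Z", "+00:00"))
        days[ts.astimezone(timezone.utc).date()] += 1
    if not days:
        return {}
    day, last, out = min(days), max(days), {}
    while day <= last:  # fill gaps so quiet days appear as 0, as the histogram does
        out[day.isoformat()] = days.get(day, 0)
        day += timedelta(days=1)
    return out

# Constructed sample documents (not real log data).
SAMPLE = [
    {"@timestamp": "2024-03-01T08:15:00.000Z", "winlog": {"event_id": 4624}},
    {"@timestamp": "2024-03-01T23:59:59.000Z", "winlog": {"event_id": 4624}},
    {"@timestamp": "2024-03-01T09:00:00.000Z", "winlog": {"event_id": 4625}},
    {"@timestamp": "2024-03-03T00:00:01.000Z", "winlog": {"event_id": "4624"}},
]

if __name__ == "__main__":
    print(daily_counts(SAMPLE))
```

Kibana draws day boundaries in the browser's time zone by default, so counts near midnight can land in a different bucket than the UTC buckets computed here.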

Thanks, it worked!
