Hi,
I am new to Kibana and I am trying to visualize how many times a particular Windows event happened per day.
For example, let's say I want to count the number of successful logons for a server per day. The relevant Windows event ID is 4624. I am successfully getting the Windows security log via Winlogbeat to my Elasticsearch engine but couldn't figure out the proper settings for a graph.
A vertical bar or a line graph is preferred.
The Y-axis should be the count of events with ID 4624 and the X-axis should be the day.
You can do this by choosing the line visualization when navigating to "Visualize" and clicking "Add new visualization" there.
To have a per-day date histogram on the x axis you have to add a bucket aggregation, select date histogram as the aggregation type and select your time field. In the interval field you can specify the interval (in this case Daily).
To only take the logon events into account you have to apply a filter in the top bar - click "Add filter" there and set it to "your event id field name is 4624".
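
The same chart expressed as an Elasticsearch search body, as an added example that is not part of the original reply. The field names `winlog.event_id` and `@timestamp` and the `calendar_interval` parameter assume Winlogbeat 7.x and Elasticsearch 7.2 or later; `daily_counts` and the sample documents are constructed here to check the expected buckets offline.

```python
import json
from datetime import datetime, timezone

# Assumed field names (not given on the page): Winlogbeat 7.x stores the
# ID in "winlog.event_id" (6.x used "event_id") and the time in "@timestamp".
EVENT_ID_FIELD = "winlog.event_id"
TIME_FIELD = "@timestamp"

def build_query(event_id, since="now-30d/d"):
    """Search body for the Kibana steps: event ID filter + daily buckets."""
    return {
        "size": 0,  # only the bucket counts are needed, not the hits
        "query": {"bool": {"filter": [
            {"term": {EVENT_ID_FIELD: event_id}},      # the "Add filter" step
            {"range": {TIME_FIELD: {"gte": since}}},   # Kibana's time picker
        ]}},
        "aggs": {"per_day": {"date_histogram": {
            "field": TIME_FIELD,
            "calendar_interval": "1d",  # use "interval": "day" before 7.2
        }}},
    }

def get_field(doc, dotted):
    """Read a nested field such as winlog.event_id from a document."""
    for key in dotted.split("."):
        doc = doc[key]
    return doc

def daily_counts(docs, event_id):
    """Local reference for the same aggregation: matches per UTC day."""
    counts = {}
    for doc in docs:
        # Compare as strings: the ID is a number or a string by version.
        if str(get_field(doc, EVENT_ID_FIELD)) != str(event_id):
            continue
        ts = datetime.fromisoformat(doc[TIME_FIELD].replace("Z", "+00:00"))
        day = ts.astimezone(timezone.utc).date().isoformat()
        counts[day] = counts.get(day, 0) + 1
    return dict(sorted(counts.items()))

# Constructed sample documents in Winlogbeat shape, for illustration only.
SAMPLE = [
    {"@timestamp": "2024-03-01T08:15:00Z", "winlog": {"event_id": 4624}},
    {"@timestamp": "2024-03-01T12:00:00Z", "winlog": {"event_id": 4625}},
    {"@timestamp": "2024-03-01T23:59:59Z", "winlog": {"event_id": "4624"}},
    {"@timestamp": "2024-03-02T00:00:01Z", "winlog": {"event_id": 4624}},
    {"@timestamp": "2024-03-03T10:00:00Z", "winlog": {"event_id": 4634}},
]

if __name__ == "__main__":
    print(json.dumps(build_query(4624), indent=2))
    print(daily_counts(SAMPLE, 4624))
```

Elasticsearch buckets in UTC unless `time_zone` is set on the date histogram, while Kibana sends the browser's time zone by default, so logons close to midnight can land on different days in the two views.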