I have an index "client-stats" that contains values that are populated from an application into specific fields using the syslog input. These are generated hourly and the plan is to graph these over time. A sample of the data (including field names for reference) with the field mapping is shown below:
Code:
client: "John"
hr_of_day: 15
yellow: 56
green: 102
Code:
{"client-stats-2022.03.08":{"mappings":{"yellow":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"client":{"type":"string"},"green":{"type":"long"},"facility":{"type":"long"},"facility_label":{"type":"string"},"host":{"type":"string"},"hr_of_day":{"type":"long"},"ip":{"type":"string"},"logsource":{"type":"string"},"message":{"type":"string"},"priority":{"type":"long"},"program":{"type":"string"},"severity":{"type":"long"},"severity_label":{"type":"string"},"yellow":{"type":"long"},"timestamp":{"type":"string"},"type":{"type":"string"}}}}}}
The histogram seems like the ideal panel type for this requirement but there is no facility to create simple linear visualizations on the integer fields? All options provided are cumulative functions?
Also, even though the yellow and green fields are long types, cumulative functions on them (avg, mean etc.) return an empty chart and there are no data-type transformation errors on the dashboard.
Any assistance will be appreciated. Note that I've already gone through the documentation covering log analysis with filters, queries up to building dashboards, but nothing in that documentation reflects this simple use case.
Thanks
Dayo