Create visualization on event fields

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
redeye-techops
Posts: 3
Joined: Fri Jun 19, 2020 5:01 am

Create visualization on event fields

Post by redeye-techops »

Hello,

I have an index "client-stats" that contains values that are populated from an application into specific fields using the syslog input. These are generated hourly and the plan is to graph these over time. A sample of the data (including field names for reference) with the field mapping is shown below

Code: Select all

client: "John"
hr_of_day: 15   
yellow:  56
green: 102 

Code: Select all

{"client-stats-2022.03.08":{"mappings":{"yellow":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"client":{"type":"string"},"green":{"type":"long"},"facility":{"type":"long"},"facility_label":{"type":"string"},"host":{"type":"string"},"hr_of_day":{"type":"long"},"ip":{"type":"string"},"logsource":{"type":"string"},"message":{"type":"string"},"priority":{"type":"long"},"program":{"type":"string"},"severity":{"type":"long"},"severity_label":{"type":"string"},"yellow":{"type":"long"},"timestamp":{"type":"string"},"type":{"type":"string"}}}}}}
The idea is to build a simple histogram per client that trends the yellow/green fields over time

The histogram seems like the ideal panel type for this requirement but there is no facility to create simple linear visualizations on the integer fields? All options provided are cumulative functions?

Also, even though the yellow and green fields are long types, cumulative functions on them (avg, mean etc.) return an empty chart and there are no data-type transformation errors on the dashboard

Any assistance will be appreciated. Note that I've already gone through the documentation covering log analysis with filters, queries up to building dashboards but nothing in that documentation reflects this simple use case

Thanks
Dayo
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Create visualization on event fields

Post by cdienger »

The histogram panel graphs the total number of events a query/filter returns and doesn't allow for you to track a specific field value. Unfortunately this isn't an option in NLS, but XI may be an option worth exploring. A plugin could be used to pull the values to be used in performance data charts. Plugin guidelines including performance data formatting can be found at https://nagios-plugins.org/doc/guidelines.html#AEN200

Regarding the cumulative functions issue, what type of panel are you using? I tested with a stats panel and didn't have an issue.
You do not have the required permissions to view the files attached to this post.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
redeye-techops
Posts: 3
Joined: Fri Jun 19, 2020 5:01 am

Re: Create visualization on event fields

Post by redeye-techops »

Hi,
The histogram panel graphs the total number of events a query/filter returns and doesn't allow for you to track a specific field value.
Thanks for your feedback on this and the link to the plugin. I was able to get around this by tweaking the time @timestamp field (X-axis) on the graph. Within the specified period, min=max=avg so any of the functions is sufficient

The other issue was a mistake on my part but related to the logstash filter. There were some hidden xters that weren't catered for during ingest

Thanks
gsmith
Posts: 1253
Joined: Tue Mar 02, 2021 11:15 am

Re: Create visualization on event fields

Post by gsmith »

HI

We're glad you got it working!

I am going to lock this thread.

As a reminder we have migrated to a new ticketing system so I encourage you to create an account ASAP
even if you do not have an issue currently.

Here is that information:
We're moving to a new support system!

The Nagios Answer Hub is a place where you can get help with technical questions from our experts. There, you can quickly open tickets and join discussion boards.

Request Nagios Answer Hub access here: https://info.nagios.com/answer-hub-access-new-users

After completing the access form, you will be given access to a portal where new tickets can be created. We will keep the old customer forum sections and ticket system available for current cases to be resolved.
Thanks and have a great weekend!
Locked