Reputation: 358
Kibana query count arithmetic
I log each user interaction through a flow and put one row into elasticsearch each time there is an event. The field is 'eve' and the events are 'started', 'canceled', 'completed', and 'failed'.
'started' is always the first action and any of the other is the last
In Kibana I want to graph the number of starts that did not result in a 'canceled', 'completed', or 'failed', something like (count(event:started) - count(NOT event:completed)). Is that possible? Of not, what's the workaround?
Upvotes: 0
Views: 276
Answers (1)
Reputation: 16362
I have similar start/end events. To associate them, I have an external process that lines them up (based on the common data) and then marks each with the _id of the other.
Then it's easy to tell which ones didn't end, etc.
We use this for file transfers ("which transfers are currently in flight?") and snmptrap data ("which traps haven't been closed?"), among others.
Check out the libraries (elasticsearch-py and the dsl one are good).
Upvotes: 0
Related Questions
- How to count aggregated fields in Kibana Elasticsearch/opensearch query DSL?
- Kibana Query to get the count of occurrence
- Elastic search count query
- Elasticsearch: count documents from query match
- Elastic search _count queries
- Kibana query results mismatch between _count & _search api
- Performing Calculations on Multiple Metrics (Counts) in Kibana 4
- Dividing counts of two different queries in kibana
- Kibana(Elasticsearch) count with uniq value
- Kibana - Average Count per Unique Field