2016-03-08 60 views
0

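I am trying to build a Kibana visualization so that I can plot which customers added something to the cart versus which customers removed an item from the cart. I am getting this data from the error logs.

Visualizing multiple words in a field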

Here is an example of the data:

{ 
    "_index": "filebeat-2016.03.08", 
    "_type": "php-error", 
    "_id": "AVNUOptErt39_iTb3Riw", 
    "_score": null, 
    "_source": { 
    "message": "[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 24.220.167.100:56888] {\"email\":null,\"name\":\" \",\"message\":\"remove from cart\",\"remaining_cart_items\":\"{\\\\\"total\\\\\":\\\\\"1 item(s) - $16.26\\\\\"}\"}, referer: https://exsite.com/", 
    "@version": "1", 
    "@timestamp": "2016-03-08T03:15:36.786Z", 
    "beat": { 
     "hostname": "ip-110-0-0-154", 
     "name": "ip-110-0-0-154" 
    }, 
    "count": 1, 
    "fields": null, 
    "input_type": "log", 
    "source": "/var/log/apache2/error.log", 
    "type": "log_format_error", 
    "host": "ip-10-0-0-154" 
    }, 
    "fields": { 
    "@timestamp": [ 
     1457406936786 
    ] 
    }, 
    "sort": [ 
    1457406936786 
    ] 
} 

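You can see that there is JSON in it, for example, that I can search on in Discover and then create a visualization out of "remove from cart". Here is the add-to-cart data: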

{ 
    "_index": "filebeat-2016.03.08", 
    "_type": "php-error", 
    "_id": "AVNUOhKOrt39_iTb3Riv", 
    "_score": null, 
    "_source": { 
    "message": "[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 24.220.167.100:56882] {\"email\":null,\"name\":\" \",\"message\":\"Added to cart\",\"add_to_cart\":\"{\\\\\"success\\\\\":\\\\\"Success: You have added <a href=\\\\\\\\\\\\\"https:\\\\\\\\\\\\/\\\\\\\\\\\\/site.com\\\\\\\\\\\\/whitesting\\\\\\\\\\\\\">My Test<\\\\\\\\\\\\/a> to your <a href=\\\\\\\\\\\\\"https:\\\\\\\\\\\\/\\\\\\\\\\\\/site.com\\\\\\\\\\\\/index.php?route=checkout\\\\\\\\\\\\/cart\\\\\\\\\\\\\">shopping cart<\\\\\\\\\\\\/a>!\\\\\",\\\\\"total\\\\\":\\\\\"2 item(s) - $32.51\\\\\"}\"}, referer: https://exsite.com/dtesting", 
    "@version": "1", 
    "@timestamp": "2016-03-08T03:15:01.767Z", 
    "beat": { 
     "hostname": "ip-110-0-0-154", 
     "name": "ip-110-0-0-154" 
    }, 
    "count": 1, 
    "fields": null, 
    "input_type": "log", 
    "source": "/var/log/apache2/error.log", 
    "type": "log_format_error", 
    "host": "ip-10-0-0-154" 
    }, 
    "fields": { 
    "@timestamp": [ 
     1457406901767 
    ] 
    } 
} 

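So now, how do I plot this data so that I can see a count of how many removals and how many additions to the cart there were?

The query I am using in Discover is: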

"remove from cart" OR "Added to cart" 

Thanks

+0

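Why not parse the `message` field with Logstash in order to get these JSON fields into your event? It would be much easier to query them and use them in visualizations. – Val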

Answers

1

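Ideally you would parse the log lines with something like Logstash and not have to resort to a query like yours, but if you must, you can always use a filters aggregation.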

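When you are building a visualization (assuming you are using a bar chart), you would create the following aggregations to visualize this data: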

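  1. A count of documents as the metric for each bucket (this is there by default)
  2. A bucket for the x-axis that is a date histogram on the time field
  3. A bucket that splits the bars using a filters aggregation. Then give this agg two filters, one with "remove from cart" and the other with "Added to cart"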
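
The parsing suggested in the comment and the bucketing described in this answer, sketched in Python as an added example (not code from the original posts): it pulls the JSON payload out of each error-log line and counts the two `message` values per one-minute bucket. The sample lines, the placeholder client addresses and the assumption that the logger doubled every backslash in the payload are constructed from the shape of the log excerpts in the question.

```python
import json
import re
from collections import Counter
from datetime import datetime

# The two filter buckets, matching the query strings used on the page.
ACTIONS = ("remove from cart", "Added to cart")
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid \d+\] \[client [^\]]+\] (?P<rest>\{.*)$")

def parse_payload(rest):
    """Decode the JSON object at the start of `rest`, ignoring ', referer: ...'."""
    dec = json.JSONDecoder()
    try:
        return dec.raw_decode(rest)[0]
    except json.JSONDecodeError:
        # Assumption: the logger doubled every backslash; undo that and retry.
        return dec.raw_decode(rest.replace("\\\\", "\\"))[0]

def cart_histogram(lines):
    """Count each action per one-minute bucket: {(minute, action): n}."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an error-log line carrying a JSON payload
        try:
            action = parse_payload(m["rest"]).get("message")
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        except ValueError:
            continue  # unparseable payload or timestamp
        if action in ACTIONS:
            counts[(ts.strftime("%Y-%m-%d %H:%M"), action)] += 1
    return counts

# Constructed sample lines (not real log data; addresses are placeholders).
SAMPLE = [
    r'[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 192.0.2.10:56882] {"email":null,"name":" ","message":"Added to cart","add_to_cart":"{\\"total\\":\\"2 item(s) - $32.51\\"}"}, referer: https://shop.example/item',
    r'[Mon Mar 07 20:14:58.100000 2016] [:error] [pid 13839] [client 192.0.2.11:40100] {"email":null,"name":" ","message":"Added to cart"}, referer: https://shop.example/item',
    r'[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 192.0.2.10:56888] {"email":null,"name":" ","message":"remove from cart","remaining_cart_items":"{\\"total\\":\\"1 item(s) - $16.26\\"}"}, referer: https://shop.example/',
    r'[Mon Mar 07 20:15:40.000001 2016] [:error] [pid 13829] [client 192.0.2.10:56890] PHP Notice:  Undefined index: foo',
]

if __name__ == "__main__":
    for (minute, action), n in sorted(cart_histogram(SAMPLE).items()):
        print(minute, action, n)
```

Once the payload is a structured field, the same two buckets become an exact match on that field instead of a phrase search across the whole log line.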