一个领域中的多个词可视化
multiple words visualization in a field
我正在尝试以一种可以绘制图形的方式可视化 kibana,其中客户将东西添加到购物车 VS 客户从购物车中移除东西。我正在从错误日志中获取这些数据。
这里是 json
的数据示例
{
"_index": "filebeat-2016.03.08",
"_type": "php-error",
"_id": "AVNUOptErt39_iTb3Riw",
"_score": null,
"_source": {
"message": "[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 24.220.167.100:56888] {\"email\":null,\"name\":\" \",\"message\":\"remove from cart\",\"remaining_cart_items\":\"{\\\"total\\\":\\\"1 item(s) - .26\\\"}\"}, referer: https://exsite.com/",
"@version": "1",
"@timestamp": "2016-03-08T03:15:36.786Z",
"beat": {
"hostname": "ip-110-0-0-154",
"name": "ip-110-0-0-154"
},
"count": 1,
"fields": null,
"input_type": "log",
"source": "/var/log/apache2/error.log",
"type": "log_format_error",
"host": "ip-10-0-0-154"
},
"fields": {
"@timestamp": [
1457406936786
]
},
"sort": [
1457406936786
]
}
你可以看到有一个 "remove from cart" 我可以用它在 dicover 中搜索,然后从中创建一个视觉对象。这是添加到购物车的数据
{
"_index": "filebeat-2016.03.08",
"_type": "php-error",
"_id": "AVNUOhKOrt39_iTb3Riv",
"_score": null,
"_source": {
"message": "[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 24.220.167.100:56882] {\"email\":null,\"name\":\" \",\"message\":\"Added to cart\",\"add_to_cart\":\"{\\\"success\\\":\\\"Success: You have added <a href=\\\\\\\"https:\\\\\\/\\\\\\/site.com\\\\\\/whitesting\\\\\\\">My Test<\\\\\\/a> to your <a href=\\\\\\\"https:\\\\\\/\\\\\\/site.com\\\\\\/index.php?route=checkout\\\\\\/cart\\\\\\\">shopping cart<\\\\\\/a>!\\\",\\\"total\\\":\\\"2 item(s) - .51\\\"}\"}, referer: https://exsite.com/dtesting",
"@version": "1",
"@timestamp": "2016-03-08T03:15:01.767Z",
"beat": {
"hostname": "ip-110-0-0-154",
"name": "ip-110-0-0-154"
},
"count": 1,
"fields": null,
"input_type": "log",
"source": "/var/log/apache2/error.log",
"type": "log_format_error",
"host": "ip-10-0-0-154"
},
"fields": {
"@timestamp": [
1457406901767
]
}
}
那么现在我如何绘制这些数据,我可以看到有多少次移除和多少次添加到购物车。
我发现的查询是
"remove from cart" OR "Added to cart"
谢谢
理想情况下,您会使用诸如 logstash 之类的东西来解析日志行,因此不必像现在这样求助于查询,但如果必须,您始终可以使用过滤器聚合。
当您构建可视化效果时(假设您正在使用条形图),您将创建以下聚合来可视化此数据:
- 计算每个存储桶中文档的指标(默认情况下存在)
- x 轴的桶是您时间字段上的日期直方图
- 使用过滤器聚合拆分条形的桶。然后给这个 agg 两个过滤器,一个用 "remove from cart" 另一个用 "added to cart"
我正在尝试以一种可以绘制图形的方式可视化 kibana,其中客户将东西添加到购物车 VS 客户从购物车中移除东西。我正在从错误日志中获取这些数据。
这里是 json
的数据示例{
"_index": "filebeat-2016.03.08",
"_type": "php-error",
"_id": "AVNUOptErt39_iTb3Riw",
"_score": null,
"_source": {
"message": "[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 24.220.167.100:56888] {\"email\":null,\"name\":\" \",\"message\":\"remove from cart\",\"remaining_cart_items\":\"{\\\"total\\\":\\\"1 item(s) - .26\\\"}\"}, referer: https://exsite.com/",
"@version": "1",
"@timestamp": "2016-03-08T03:15:36.786Z",
"beat": {
"hostname": "ip-110-0-0-154",
"name": "ip-110-0-0-154"
},
"count": 1,
"fields": null,
"input_type": "log",
"source": "/var/log/apache2/error.log",
"type": "log_format_error",
"host": "ip-10-0-0-154"
},
"fields": {
"@timestamp": [
1457406936786
]
},
"sort": [
1457406936786
]
}
你可以看到有一个 "remove from cart" 我可以用它在 dicover 中搜索,然后从中创建一个视觉对象。这是添加到购物车的数据
{
"_index": "filebeat-2016.03.08",
"_type": "php-error",
"_id": "AVNUOhKOrt39_iTb3Riv",
"_score": null,
"_source": {
"message": "[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 24.220.167.100:56882] {\"email\":null,\"name\":\" \",\"message\":\"Added to cart\",\"add_to_cart\":\"{\\\"success\\\":\\\"Success: You have added <a href=\\\\\\\"https:\\\\\\/\\\\\\/site.com\\\\\\/whitesting\\\\\\\">My Test<\\\\\\/a> to your <a href=\\\\\\\"https:\\\\\\/\\\\\\/site.com\\\\\\/index.php?route=checkout\\\\\\/cart\\\\\\\">shopping cart<\\\\\\/a>!\\\",\\\"total\\\":\\\"2 item(s) - .51\\\"}\"}, referer: https://exsite.com/dtesting",
"@version": "1",
"@timestamp": "2016-03-08T03:15:01.767Z",
"beat": {
"hostname": "ip-110-0-0-154",
"name": "ip-110-0-0-154"
},
"count": 1,
"fields": null,
"input_type": "log",
"source": "/var/log/apache2/error.log",
"type": "log_format_error",
"host": "ip-10-0-0-154"
},
"fields": {
"@timestamp": [
1457406901767
]
}
}
那么现在我如何绘制这些数据,我可以看到有多少次移除和多少次添加到购物车。
我发现的查询是
"remove from cart" OR "Added to cart"
谢谢
理想情况下,您会使用诸如 logstash 之类的东西来解析日志行,因此不必像现在这样求助于查询,但如果必须,您始终可以使用过滤器聚合。
当您构建可视化效果时(假设您正在使用条形图),您将创建以下聚合来可视化此数据:
- 计算每个存储桶中文档的指标(默认情况下存在)
- x 轴的桶是您时间字段上的日期直方图
- 使用过滤器聚合拆分条形的桶。然后给这个 agg 两个过滤器,一个用 "remove from cart" 另一个用 "added to cart"