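Fields

Time: 2016-03-08 03:58:24

Tags: elasticsearch logstash kibana kibana-4

I am trying to build a Kibana visualization in which I can chart which customers added something to the cart versus which customers removed something from the cart. I am getting this data from the error log.

Here is a JSON example of the data: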
{
  "_index": "filebeat-2016.03.08",
  "_type": "php-error",
  "_id": "AVNUOptErt39_iTb3Riw",
  "_score": null,
  "_source": {
    "message": "[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 24.220.167.100:56888] {\"email\":null,\"name\":\" \",\"message\":\"remove from cart\",\"remaining_cart_items\":\"{\\\\\"total\\\\\":\\\\\"1 item(s) - $16.26\\\\\"}\"}, referer: https://exsite.com/",
    "@version": "1",
    "@timestamp": "2016-03-08T03:15:36.786Z",
    "beat": {
      "hostname": "ip-110-0-0-154",
      "name": "ip-110-0-0-154"
    },
    "count": 1,
    "fields": null,
    "input_type": "log",
    "source": "/var/log/apache2/error.log",
    "type": "log_format_error",
    "host": "ip-10-0-0-154"
  },
  "fields": {
    "@timestamp": [
      1457406936786
    ]
  },
  "sort": [
    1457406936786
  ]
}

You can see there is a "remove from cart", which I can use to search in Discover and then create a visualization. Here is the add-to-cart data:

{
  "_index": "filebeat-2016.03.08",
  "_type": "php-error",
  "_id": "AVNUOhKOrt39_iTb3Riv",
  "_score": null,
  "_source": {
    "message": "[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 24.220.167.100:56882] {\"email\":null,\"name\":\" \",\"message\":\"Added to cart\",\"add_to_cart\":\"{\\\\\"success\\\\\":\\\\\"Success: You have added <a href=\\\\\\\\\\\\\"https:\\\\\\\\\\\\/\\\\\\\\\\\\/site.com\\\\\\\\\\\\/whitesting\\\\\\\\\\\\\">My Test<\\\\\\\\\\\\/a> to your <a href=\\\\\\\\\\\\\"https:\\\\\\\\\\\\/\\\\\\\\\\\\/site.com\\\\\\\\\\\\/index.php?route=checkout\\\\\\\\\\\\/cart\\\\\\\\\\\\\">shopping cart<\\\\\\\\\\\\/a>!\\\\\",\\\\\"total\\\\\":\\\\\"2 item(s) - $32.51\\\\\"}\"}, referer: https://exsite.com/dtesting",
    "@version": "1",
    "@timestamp": "2016-03-08T03:15:01.767Z",
    "beat": {
      "hostname": "ip-110-0-0-154",
      "name": "ip-110-0-0-154"
    },
    "count": 1,
    "fields": null,
    "input_type": "log",
    "source": "/var/log/apache2/error.log",
    "type": "log_format_error",
    "host": "ip-10-0-0-154"
  },
  "fields": {
    "@timestamp": [
      1457406901767
    ]
  } 
}

So now, how do I chart this data so that I can see the number of removals and the number of additions to the cart?

My query in Discover is

"remove from cart" OR "Added to cart"

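Thanks

1 Answer:

Answer 0: (score: 1)

Ideally you would use something like logstash to parse the log line so you don't have to use a query the way you are now, but if you must, you can always use the filters aggregation.

When you build the visualization (assuming you are using a bar chart), you will create the following aggregations to visualize this data:

  1. A metric that counts the documents in each bucket (this is the default)
  2. A bucket for the x-axis, which is a date histogram on the time field
  3. A bucket that splits the bars using the filters aggregation. Then give this agg two filters, one with "remove from cart" and the other with "Added to cart"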
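
The parsing step the answer recommends, sketched in Python as an added example (not part of the original answer and not Logstash's own code): it splits the Apache error-log line into fields, extracts the cart action, and counts events per minute and action, which is what the date histogram split by two filters shows. The names `parse_line`, `histogram` and `SAMPLE`, the client addresses and the `shop.example` host are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache error-log prefix as it appears in the question's "message" field.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[:error\] \[pid (?P<pid>\d+)\] '
    r'\[client (?P<client>[^\]]+)\] (?P<payload>\{.*\}), referer: (?P<referer>\S+)$'
)
# The payload nests doubly escaped JSON, so json.loads() can fail on it;
# extract only the top-level "message" value instead.
ACTION_RE = re.compile(r'"message":"([^"\\]*)"')
ACTIONS = {"remove from cart": "removed", "added to cart": "added"}

def parse_line(line):
    """Return (timestamp, client, action), or None if this is not a cart event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    a = ACTION_RE.search(m.group("payload"))
    action = ACTIONS.get(a.group(1).lower()) if a else None
    if action is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y")
    return ts, m.group("client"), action

def histogram(lines):
    """Count events per (minute bucket, action): a date histogram split by filters."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event:
            ts, _, action = event
            counts[(ts.strftime("%Y-%m-%d %H:%M"), action)] += 1
    return counts

# Constructed sample lines modelled on the two documents in the question.
SAMPLE = [
    r'[Mon Mar 07 20:14:56.377612 2016] [:error] [pid 13839] [client 192.0.2.10:56882] {"email":null,"name":" ","message":"Added to cart","add_to_cart":"{\\"total\\":\\"2 item(s) - $32.51\\"}"}, referer: https://shop.example/item',
    r'[Mon Mar 07 20:15:35.571673 2016] [:error] [pid 13829] [client 192.0.2.10:56888] {"email":null,"name":" ","message":"remove from cart","remaining_cart_items":"{\\"total\\":\\"1 item(s) - $16.26\\"}"}, referer: https://shop.example/',
    r'[Mon Mar 07 20:15:50.000001 2016] [:error] [pid 13840] [client 192.0.2.11:40122] {"email":null,"name":" ","message":"Added to cart","add_to_cart":"{\\"total\\":\\"1 item(s) - $9.99\\"}"}, referer: https://shop.example/item',
    r'[Mon Mar 07 20:16:02.000001 2016] [:error] [pid 13840] [client 192.0.2.11:40123] PHP Notice:  Undefined index: foo in /var/www/x.php on line 3',
]

if __name__ == "__main__":
    for (bucket, action), n in sorted(histogram(SAMPLE).items()):
        print(bucket, action, n)
```

Once the action is indexed as its own field, the third aggregation can be a plain terms split on that field rather than two free-text filters over the raw message.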