
Kibana functionality missing after upgrade: histograms
Closed, Invalid · Public

Description

In the Kibana upgrade, we lost several important features, which overall make the logstash / kibana infrastructure significantly less useful for tasks like investigating ongoing issues or anomalies.

Histograms

The previous version of Kibana offered a histogram of values for a given log property in a query. We used this extensively for tasks like finding top user agents sending specific requests, getting an idea of response code distribution, looking for failing pages, and so on.

Furthermore, the histogram tool supported adding further criteria to the current query by selecting values, which made it very useful for quickly drilling down into the data.

We were also able to select the log type/level and filter based on that, which was extremely useful.

Event Timeline

Restricted Application added a subscriber: Aklapper. Dec 9 2016, 3:12 PM
mobrovac updated the task description. Dec 9 2016, 3:16 PM

Poking through the 'Visualize' tab, Kibana 4 reports having both standard and date-based histograms. It looks like the standard histograms might not be usable because they require numbers to work on, and we have mapped everything to strings to solve inconsistent type problems. Suggestions are needed on T150106 for the best ways to handle the strict typing requirements of fields while accepting data from completely uncoordinated applications.

GWicke added a comment. Edited Dec 9 2016, 3:32 PM

The workflow we were using is more along the lines of:

  1. Query some subset of log entries, typically starting from a dashboard.
  2. Pull up a histogram of a property's values across the query results by clicking the icon in the property of one of the events, or in the list of all properties in the sidebar.
  3. Often, narrow down the query to one of those values by clicking the "add to query" button next to the value in the histogram. Go to 2) to further narrow down the data.

This is pretty much the equivalent of exploring text logs with | sort | uniq -c | sort -n, and then adding another filter to the pipeline. I haven't been able to do anything like this in the new Kibana. If there is a way, then a how-to would be awesome.
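
The drill-down loop described in the comment above, sketched for tab-separated text logs as an added example (it is not part of the original task or comment, and not how Kibana implements it). The helper names `field_col`, `hist`, `narrow` and `top_value`, the three-column layout and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log, tab-separated: status, user agent, path. Not real data.
sample_log() {
  printf '%s\t%s\t%s\n' \
    200 'Mozilla/5.0'    '/wiki/Main_Page' \
    500 'ExampleBot/1.0' '/api/page/Foo' \
    500 'ExampleBot/1.0' '/api/page/Foo' \
    500 'ExampleBot/1.0' '/api/page/Bar' \
    200 'ExampleBot/1.0' '/wiki/Main_Page' \
    500 'Mozilla/5.0'    '/api/page/Foo' \
    404 'curl/7.50'      '/wiki/Missing' \
    200 'Mozilla/5.0'    '/wiki/Main_Page'
}

# Map a field name to its column number in the assumed layout.
field_col() {
  case "$1" in
    status) echo 1 ;;
    agent)  echo 2 ;;
    path)   echo 3 ;;
    *) echo "unknown field: $1" >&2; return 1 ;;
  esac
}

# hist FIELD: step 2, count each distinct value of FIELD (most frequent last).
hist() {
  c=$(field_col "$1") || return 1
  cut -f"$c" | sort | uniq -c | sort -n
}

# narrow FIELD VALUE: step 3, keep only lines where FIELD equals VALUE.
# The value is passed through the environment so backslashes are not
# interpreted, and both sides are forced to strings so "200" != "200.0".
narrow() {
  c=$(field_col "$1") || return 1
  V="$2" awk -F '\t' -v c="$c" '($c "") == (ENVIRON["V"] "")'
}

# top_value FIELD: the most frequent value, with the uniq -c count stripped.
top_value() {
  hist "$1" | tail -n 1 | sed 's/^ *[0-9]* //'
}

# Drill down: which agents produce the 500s, then which paths they hit.
sample_log | narrow status 500 | hist agent
sample_log | narrow status 500 | narrow agent 'ExampleBot/1.0' | hist path
```
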

MoritzMuehlenhoff triaged this task as Medium priority. Jan 16 2017, 11:21 AM
fgiunchedi closed this task as Invalid. Dec 9 2019, 11:53 AM
fgiunchedi added a subscriber: fgiunchedi.

I'm boldly declining this task for now as there hasn't been activity and/or other use cases / feature requests. Feel free to reopen if needed!