1. Ensure that your log data (including the HTTP status code field) has been correctly collected and indexed into Elasticsearch. Typically, the HTTP status code field in logs is labeled as status_code or a similar name.
2. Open Kibana and navigate to the 'Visualize' page.
Log in to the Kibana console and select the 'Visualize' module from the sidebar; this is where you create and manage visualizations.
3. Create a new visualization.
Click 'Create visualization' and select the desired chart type. For a stacked chart, choose 'Vertical Bar Chart'.
4. Configure the data source.
Select the index or index pattern associated with your log data. Ensure the selected index contains HTTP status code data.
5. Set the Y-axis.
- Metrics: Select 'Count' to calculate the number of occurrences for each HTTP status code.
6. Set the X-axis.
- Buckets: Click 'Add' and select 'X-axis'.
- In 'Aggregation', choose 'Terms' to group by HTTP status codes.
- In 'Field', select the field that records the HTTP status code, such as status_code.
- Set 'Order By' to 'Metric: Count' and 'Order' to descending to display the most common status codes.
7. Set the split series.
- This step creates the stacked effect. In the 'Buckets' section, click 'Add sub-buckets', select 'Split Series', and choose a relevant field for further grouping, such as server, client, or time period.
8. Select the stacked display method.
In the chart options, ensure 'Stacked' is selected as the display method.
9. Save and name the visualization.
Name your visualization and save it for use in a Dashboard.
10. Review and adjust.
Review the visualization results and adjust chart size, colors, or other settings as needed to clearly convey the intended information.
Example
Suppose we have log data from a web server containing various HTTP request status codes. By following these steps, we can create a stacked bar chart showing the frequency of different status codes (e.g., 200, 404, 500) over 24 hours. This is very helpful for quickly identifying issues with the website during specific times (e.g., high error rates).
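The same per-hour, per-status-code bucketing can be requested from Elasticsearch directly and checked in code. The following is an added example, not part of the original steps: it assumes a time field named @timestamp, the status_code field from the steps above, a 5% threshold for the 5xx share, and a constructed sample response.

```python
# Request body equivalent to the chart: one bucket per hour over the last
# 24 hours, each split by status code (Terms, ordered by count descending).
# "@timestamp" is an assumed field name; "status_code" comes from the steps.
STACKED_QUERY = {
    "size": 0,
    "query": {"range": {"@timestamp": {"gte": "now-24h"}}},
    "aggs": {"per_hour": {
        "date_histogram": {"field": "@timestamp", "fixed_interval": "1h"},
        "aggs": {"by_status": {"terms": {
            "field": "status_code", "order": {"_count": "desc"}}}},
    }},
}

# Constructed sample response (not real data), in the shape Elasticsearch
# returns for the nested aggregation above.
SAMPLE_RESPONSE = {"aggregations": {"per_hour": {"buckets": [
    {"key_as_string": "2024-01-01T09:00:00.000Z", "doc_count": 1000,
     "by_status": {"buckets": [{"key": 200, "doc_count": 950},
                               {"key": 404, "doc_count": 40},
                               {"key": 500, "doc_count": 10}]}},
    {"key_as_string": "2024-01-01T10:00:00.000Z", "doc_count": 800,
     "by_status": {"buckets": [{"key": 200, "doc_count": 560},
                               {"key": 500, "doc_count": 200},
                               {"key": 404, "doc_count": 40}]}},
    {"key_as_string": "2024-01-01T11:00:00.000Z", "doc_count": 0,
     "by_status": {"buckets": []}},
]}}}


def stacked_series(response):
    """Return {hour: {status_code: count}}, i.e. one stacked bar per hour."""
    hours = response["aggregations"]["per_hour"]["buckets"]
    return {h["key_as_string"]: {int(b["key"]): b["doc_count"]
                                 for b in h["by_status"]["buckets"]}
            for h in hours}


def high_error_hours(series, threshold=0.05):
    """Return (hour, ratio) for hours whose 5xx share exceeds the threshold."""
    flagged = []
    for hour, counts in series.items():
        total = sum(counts.values())
        errors = sum(n for code, n in counts.items() if 500 <= code <= 599)
        if total and errors / total > threshold:  # hours with no traffic are skipped
            flagged.append((hour, round(errors / total, 3)))
    return flagged
```

STACKED_QUERY can be sent as the body of a search request against the index pattern chosen in step 4; high_error_hours(stacked_series(response)) then lists the hours that would stand out in the stacked chart.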