I am using Grafana version 4.4.3 and Elasticsearch version 5.6.4 for my application, and I want to build a dashboard (either a bar chart or a pie chart) for the following use case:
Let’s say I have an index in Elasticsearch called “winlogbeat”.
In the index I have one field called “event_id”, and it has two values, 299 and 500. I am trying to filter the data using a Lucene query, but the result was not as expected.
- During a search, if I use event_id 299 I get the list of site information and instance_id; if I use event_id 500 I get the username and instance_id. The important thing is that both instance_id values are the same in the response. I want to combine these two in a single query and find which user has successfully logged in with respect to each site.
How can I build the dashboard to show the site information with respect to user IDs?
Please kindly share any thoughts; it would be very helpful.