Elasticsearchquery~30 mins

Dashboard creation in Elasticsearch - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Dashboard creation

📖 Scenario: You are building a monitoring dashboard for a web application. Your Elasticsearch cluster has an index called web-logs containing request logs with fields like @timestamp, status_code, response_time, method, and endpoint. You need to create the aggregation queries that power each dashboard panel.

🎯 Goal: Write the Elasticsearch aggregation queries that would back a Kibana dashboard with four panels: total requests metric, status code breakdown, response time over time, and top endpoints table.

📋 What You'll Learn

Query for total request count in the last 24 hours

Aggregate status codes into a pie chart breakdown

Build a date histogram of average response time

Create a terms aggregation for top 10 endpoints by request count

💡 Why This Matters

🌍 Real World

Every Elasticsearch deployment uses Kibana dashboards for monitoring logs, application metrics, and business analytics in real time.

💼 Career

DevOps and SRE engineers build and maintain Kibana dashboards daily to monitor production systems and respond to incidents.

Progress0 / 4 steps

Total requests metric query

Write a query to the web-logs index that counts all documents in the last 24 hours. Use a range filter on @timestamp with gte set to "now-24h" and lte set to "now". Set size to 0 since we only need the count.

Elasticsearch

GET /web-logs/_search
{
  "size": 0,
  "query": {
    // Add range query on @timestamp for last 24 hours
    // Your code here
  }
}

Need a hint?

Use a range query on @timestamp with relative date math: now-24h to now.

Status code breakdown aggregation

Extend the query to add an aggs section with a terms aggregation named "status_codes" on the field "status_code". Set size to 10 to get the top 10 status codes.

Elasticsearch

GET /web-logs/_search
{
  "size": 0,
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-24h",
        "lte": "now"
      }
    }
  },
  "aggs": {
    // Add terms aggregation on status_code field
    // Your code here
  }
}

Need a hint?

Use a terms aggregation with the field set to status_code.

Response time over time histogram

Write a separate query with a date_histogram aggregation named "response_over_time" on "@timestamp" with a fixed_interval of "1h". Inside it, add a sub-aggregation named "avg_response" that computes the avg of the "response_time" field.

Elasticsearch

GET /web-logs/_search
{
  "size": 0,
  "aggs": {
    // Add date_histogram on @timestamp with 1h interval
    // Add avg sub-aggregation on response_time
    // Your code here
  }
}

Need a hint?

Nest an avg aggregation inside the date_histogram to compute average response time per hour bucket.

Top endpoints table aggregation

Write a query with a terms aggregation named "top_endpoints" on "endpoint.keyword" with size 10. Add two sub-aggregations: "total_requests" using value_count on "endpoint.keyword", and "avg_time" using avg on "response_time".

Elasticsearch

GET /web-logs/_search
{
  "size": 0,
  "aggs": {
    // Add terms aggregation on endpoint.keyword
    // Add value_count and avg sub-aggregations
    // Your code here
  }
}

Need a hint?

Use endpoint.keyword (not endpoint) for terms aggregation on a text field's keyword sub-field.