The VIS construct is supported on the NFDB side. With the help of this, you can populate the NF indexed data on the web dashboard in the form of visualization.
Visualizations: This REST is hit by the NFUI and the Web Dashboard returns the list of visualization saved in the NetForest.
REST URL format:
<origin>/unified_vis_data
Example:
https//:10.20.0.74:8000/unified_vis_data
When you hit the above URL directly, NFDB with the required parameter and get the visualization response. The required information from the user end is:
jsonObject ={
gte: 1525113000000,
lte: 1556648939000,
interval: ‘5m’,
env: ‘prod’,
query: ‘*|VIS count() by @timestamp[]’,
indexPattern: ‘*’,
metricAggregation: [ ],
bucketAggregation: [ ]
}
Below is the sample of response (visualizations) of this REST, which is returned by NFDB after processing the VIS query:
[“New-Visualization1”, “search1″,”areachart1″,”vip1″,”chart1″,”2″,”New”,”New-Visualization”]
vis_data: This REST needs some parameters to process, which are below:
- gte/gt: It contains start time of the dashboard window.
- lte/lt: It contains the end time of the dashboard window.
- interval: Interval for bucketization in NetForest (day/week/month).
- query: Query with VIS construct to get data from NFDB.
- env: NetForest environment to get data.
- indexPattern: From which index data will be retrieved.
- metricAggregation: Chart metric aggregation ([{aggType:’count’, field: ‘resptime’}] ).
- bucketAggregation: Chart bucket aggregation ([{aggType:’term’, field: clientip}]).
Processing of Request
The handling of requests takes place at NFDB with the new rest point ‘unified_vis_data’.
REST URL format:
<origin>unified_vis_data
Below are the steps for processing the request and returning of response:
- Collect the vis_data provided by user for visualization.
{gte: 1436251020000,
lt: 1594103819000,
interval: ‘1M’,
env: ‘prod’,
timeZone: ‘Asia/Kolkata’,
query: ‘*|VIS count () by @timestamp []’,
indexPattern: ‘*’,
metricAggregation: [],
bucketAggregation: []
}
- Design standard msearch request body from unified_vis_data.
{“body”:[{“index”:”*”},{“query”:{“bool”:{“must”:[{“query_string”:{“query”:”*”,”analyze_wildcard”:true}},{“range”:{“@timestamp”:{“gte”:1436251020000,”lt”:1594103819000,”format”:”epoch_millis”}}}],”must_not”:[]}},”size”:10,”sort”:[{“@timestamp”:{“order”:”desc”,”unmapped_type”:”boolean”}}],”aggs”:{“2”:{“date_histogram”:{“field”:”@timestamp”,”interval”:”1M”,”min_doc_count”:1,”time_zone”:”Asia/Kolkata”},”aggs”:{}}}}]}
- Hit _msearch request and collect the response.
- Fetch the Aggregation part from the msearch response.
aggregations”: {
“2”: {“buckets”:[{“key_as_string”:”2020-07- 01T00:00:00.000+05:30″,”key”:1593541800000,”doc_count”:4694}]}},”status”:200}]
}
- Design standard visualization response and return to NFUI/Web Dashboard backend.
[{“visualizationName”:”nf_unified_chart”,”metaData”:[“@timestamp”],”graphID”:50001,”groupID”:50002,”arrTimeStamp”:[1593541800000],”visualizationData”:[{“metricName”:”count”,”vectorName”:”_all”,”totalCount”:””,”data”:[4694],”graphID”:1, “groupID”:50002 ,”max”:4694 ,”min”:4694 ,”avg”:469 4,”stdDev” :0,”lastSample”:4 694,”sampleCount”:1}]}]
Below is some important field information from the visualization response:
- visualizationName: Name of saved visualization.
- metaData: Array of applied bucket aggregation in the chart.
- chartType: Type of chart (line/bar, etc.).
- arrTimeStamp: Array of timestamp coming from NFDB in response.
- visualizationData: Array bucket aggregation data.