I usually do it in Excel but it is not easy for me to do it in KIBANA as well
I have this table in Excel and every hour I want to average for all instancs in the fiels "detail" but excluding the lowest three values (nine details each hour, the average should be only for the the six highest of them). In Excel I use the LARGE function.
https://docs.google.com/spreadsheets/d/1LcKO8TGl49dz6usWNwxRx0oVgQb9s_h1/edit?usp=sharing&ouid=114168049607741321864&rtpof=true&sd=true
In your opinion is there any chance to do it directly in KIBANA?
No idea how to proceed
You can use lens table visualization and set the number of rows to 6 and order rows by descending order of your CPU load. Look at the sample data table here
The average here is calculated for the top 6 values of bytes only.
Here are the settings:
You can try replacing the clientIP here by details and bytes by CPU load
No, it is not possible to automatically remove the last N results from the equation in Kibana. You should be manually filtering out from the list in the visualization every time.
The only alternative I see is to add an extra step that deletes or flags the 3 results per hour you want to exclude, and then in Kibana you just add a regular filter.
The easiest way I can think of is creating a watcher that groups the results by hour, sort by CPU, and then ingest the first 6 results in a different index you can query using Kibana.
Docs: https://www.elastic.co/guide/en/elasticsearch/reference/current/xpack-alerting.html
If this acceptable for you I can edit this answer with more details about the Watcher I would create.
Related
I'm wondering what would be an efficient way to detect the last modified timestamp of an index in Elastic Search. I have read posts of adding a timestamp fields in pipeline but this solution has limitations (e.g. only newly created index supports timestamp update?)
If only a handful of indices are required to track their last modify time, what would be the most efficient way? Would periodic query and compare result between queries give us an approx. last modify time? any other ways to track ES events?
there is a creation_date setting, but not a comparable update_date one. the reasoning behind this is that updating this for every indexing event would be very expensive, even more so in a distributed environment
you could use something like meta, but it has the same limitation as adding a timestamp to individual documents
I have a data set similar to the table below (simplified for brevity)
I need to calculate the total spend per conversion per team for every month, with ability to plot this as time based line chart being an additional nicety. The total spend is equal to the sum of Phone Expenditure, Travel allowance & Misc. Allowance, this can be a calculated field.
I cannot add a calculated field for the ratio, as for some sales person, the number of conversion can be 0 for a given month. So, averaging over team is not option. How can I go about this?
Thanks for help and suggestions in advance!
I've discussed the question with the Harish offline. I've learned that he is trying to calculate ratio per group, not per row.
To perform calculations per group, users can add calculated fields inside a QuickSight analysis and use level aware aggregation expressions. (Note that level aware aggregations can only be used in an analysis, not in the data prep view). Here is a link to the documentation about level aware aggregations if you want to learn more about this area https://docs.aws.amazon.com/quicksight/latest/user/level-aware-aggregations.html
Good day, everyone. I have a lit bit strange case of using elastic search for me.
There are two different indexes, each index contain one data type.
First type contains next important for this case data:
keyword (text,keyword),
URL (text,keyword)
position (number).
Second type contains next data fields:
keyword (text,keyword)
numberValue (number).
I need to do next things:
1.Group data from the first ind by URL
2.For each object in group calculate new metric (metric A) by next simple formula: position*numberValue*Param
3.For each groups calculate sum of elements metric A we have calculated on stage 1
4.Order by desc result groups by sums we have calculated on stage 3
5.Take some interval of result groups.
Param - param, i need to set for calculation, this is not in elastic.
That is not difficult algorithm, but data in different indices, and i don`t know how to do it fast, and i prefer to do it on elastic search level.
I don`t know how to make effective data search or pipeline of data processing which can help me to implement this case.
I use ES version 6.2.3 if it is important.
Give me some advice, please, how can i implement this algorithm.
By reading 2. you seem to assume keyword is some sort of primary key. Elasticsearch is not an RDB and can only reason over one document at a time, so unless numberValue and position are (indexed) fields of the same document you can't combine them.
The rest of the items seem to be possible to achieve with the help of Aggregation
I'm facing a following problem. In Kibana 4 I've created a line chart based on my input from elasticeasrch but I can only display average, min, max instead of an actual value of the field per time, e.g. sent bytes.
Most answears to that question on stackoverflow are about Kibana 3 (How to create value over time chart with Kibana 3?) and seem to include a Histogram on a X axis, yet I can't seem to find one which will enable me to apply them to Kibana 4. I was unable to find the histogram panel and once I click on the discover tab there is the constant Searching loading.
If I have the following fields in my _source:
{"timestamp":"2015-06-02T10:16:44.0855","time":587,"threadName":"Thread Group 1-957","byte":1372,"status":"false","latence":306,"registerCall":"404"}
and I would like to have the number of bytes on the Y-axis and on the X-axis my timestamp.
Any help in the right direction will be appreciated :)
To create a value over time line chart in Kibana, follow these steps:
Go to visualize tab and select line chart
In the X-axis, select X-axis, Aggregation as Date Histogram and then select your timestamp field as the date field.
Next for the Y-Axis, select Sum as the aggregation and then bytes as the field.
For the X axis, what Alcanzar said is good, but as you notice, the Y axis is problematic.
Sum (suggested by "Limit") works, but since it's aggregated, it shows the total used in each aggregated bucket, but that may be meaningless depending on what you are trying to show. Your question isn't clear on what you want, so I'm just guessing here. One hour of requests, each of which ran for one minute and sent 1 megabyte is indeed 60 megabytes-minutes, if you are trying to show total capacity used over than hour (maybe you are paying a bill based on usage per time). On the other hand, if you are trying to show peak usage in each time, it would be wrong.
You said you already looked and Max and Min and they don't meet your needs. I don't suppose Standard Deviation would be any better?
I have the same concern. The best I've been able to do so far is
display Min and Max simultaneously in the Y axis. When they diverge, I know I'm zoomed out too far, so I zoom in until they align.
This is how I know I'm seeing individual events.
In any case, I share your frustration. I too would like to be able to show time series as easily as I can in, say, Excel.
I have documents under two daily indexes. Both have count field which is >=1.
I want to create a graph which shows trend of ratio of these two fields aggregated over time.
Data will be sampled based on time duration selected in dashboard ex : for one day each sample would be be 10 min which will sum these two fields separately and calculate ratio and then show as one data point. So for 24 hours it would be 24*60 point in the graph.
How can I achieve same in Kibana 4 ?
We tried something similar but turns out it is not possible in Kibana.
As of now you can not plot a calculated field based on two different fields in Kibana.
To workaround this, we implemented a plugin that modifies data before it is pumped to elastic search. So we carried out calculations in that plugin. Also, the plugin periodically pumps data to elastic search so kibana gets the latest values