trend of ratio in kibana 4.0 - elasticsearch

I have documents under two daily indexes. Both have a count field which is >=1.
I want to create a graph which shows the trend of the ratio of these two fields aggregated over time.
Data will be sampled based on the time duration selected in the dashboard, e.g. for one day each sample would be 10 min, which will sum these two fields separately, calculate the ratio, and then show it as one data point. So for 24 hours it would be 24*60 points in the graph.
How can I achieve the same in Kibana 4?

We tried something similar, but it turns out it is not possible in Kibana.
As of now you cannot plot a calculated field based on two different fields in Kibana.
To work around this, we implemented a plugin that modifies data before it is pumped to Elasticsearch. So we carried out the calculations in that plugin. Also, the plugin periodically pumps data to Elasticsearch so Kibana gets the latest values.
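The pre-computation that answer describes can be sketched as follows. This is an added example, not the poster's plugin: the field names `timestamp` and `count`, the sample documents and the function names are assumptions, and timestamps are treated as UTC. Each output document carries one ready-made ratio per 10-minute bucket, so Kibana only has to plot it.

```python
from collections import defaultdict
from datetime import datetime, timezone

BUCKET_SECONDS = 600  # 10-minute sample, as in the question


def bucket_start(ts_iso, width=BUCKET_SECONDS):
    """Floor an ISO-8601 timestamp (assumed UTC) to its bucket start, in epoch seconds."""
    dt = datetime.fromisoformat(ts_iso).replace(tzinfo=timezone.utc)
    epoch = int(dt.timestamp())
    return epoch - epoch % width


def sum_counts(docs, width=BUCKET_SECONDS):
    """Sum the count field of every document per time bucket."""
    totals = defaultdict(int)
    for doc in docs:
        totals[bucket_start(doc["timestamp"], width)] += doc["count"]
    return totals


def ratio_docs(numer_docs, denom_docs, width=BUCKET_SECONDS):
    """Build one document per bucket holding both sums and their ratio."""
    num, den = sum_counts(numer_docs, width), sum_counts(denom_docs, width)
    out = []
    for start in sorted(set(num) | set(den)):
        n, d = num.get(start, 0), den.get(start, 0)
        out.append({
            "timestamp": datetime.fromtimestamp(start, timezone.utc).isoformat(),
            "numerator": n,
            "denominator": d,
            # A bucket with no denominator data has no defined ratio.
            "ratio": n / d if d else None,
        })
    return out


# Constructed sample documents standing in for the two daily indexes.
INDEX_A_DOCS = [
    {"timestamp": "2015-06-02T10:01:10", "count": 2},
    {"timestamp": "2015-06-02T10:08:59", "count": 1},
    {"timestamp": "2015-06-02T10:12:00", "count": 4},
    {"timestamp": "2015-06-02T10:31:00", "count": 1},
]
INDEX_B_DOCS = [
    {"timestamp": "2015-06-02T10:00:05", "count": 10},
    {"timestamp": "2015-06-02T10:09:30", "count": 2},
    {"timestamp": "2015-06-02T10:15:00", "count": 16},
    {"timestamp": "2015-06-02T10:25:00", "count": 5},
]

if __name__ == "__main__":
    for doc in ratio_docs(INDEX_A_DOCS, INDEX_B_DOCS):
        print(doc)
```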

Related

How to exclude lowest value from average calculation in Kibana

I usually do it in Excel, but it is not easy for me to do it in Kibana as well.
I have this table in Excel and every hour I want to average all instances in the field "detail" but excluding the lowest three values (nine details each hour, the average should be only for the six highest of them). In Excel I use the LARGE function.
https://docs.google.com/spreadsheets/d/1LcKO8TGl49dz6usWNwxRx0oVgQb9s_h1/edit?usp=sharing&ouid=114168049607741321864&rtpof=true&sd=true
In your opinion, is there any chance to do it directly in Kibana?
No idea how to proceed.
You can use lens table visualization and set the number of rows to 6 and order rows by descending order of your CPU load. Look at the sample data table here
The average here is calculated for the top 6 values of bytes only.
Here are the settings:
You can try replacing the clientIP here by details and bytes by CPU load
No, it is not possible to automatically remove the last N results from the equation in Kibana. You should be manually filtering out from the list in the visualization every time.
The only alternative I see is to add an extra step that deletes or flags the 3 results per hour you want to exclude, and then in Kibana you just add a regular filter.
The easiest way I can think of is creating a watcher that groups the results by hour, sort by CPU, and then ingest the first 6 results in a different index you can query using Kibana.
Docs: https://www.elastic.co/guide/en/elasticsearch/reference/current/xpack-alerting.html
If this is acceptable for you I can edit this answer with more details about the Watcher I would create.

Why unique count in kibana visualize chart is incorrect?

My Kibana version is 4.5.
My Elasticsearch version is 2.3.1.
See pic1: the uv is 7665.
But see pic2: the uv is 7845.
Why different?
The Kibana unique count seems not correct.
If these charts are based on live data, then I doubt both the graphs cannot show the same count since you're having two different time ranges in both the graphs.
In the first one your time range is yesterday, whereas in the second one you're trying to have an auto-refresh every minute which shows as paused. I'm assuming that you're dealing with live data so that some records might have slipped through by the time you paused. If not, I cannot see any chance of these two showing two different values.
Just being curious, how do you know that the correct count for uv should be 7665, since I can't see the exact value of uv from the snapshot of the graph? Did you double check from your ES index through a query?
EDIT:
Interestingly, unique counts are based on the cardinality aggregation, which is designed to work efficiently across very large amounts of data and delivers an approximate result, which may be why your results vary. You can maybe try increasing the precision_threshold.
To get a more correct value, add something like: {"precision_threshold": 1000} to the "JSON Input" box for the aggregation.
Hope this helps!

Can we plot Graphs on Kibana by custom Query on Elastic Search

I have a query with respect to building visualizations in Kibana.
I have already performed aggregations like uniq value over a period of time (say every 1 minute for 30 days) and saved it in Elasticsearch. Now I want to plot this graph in Kibana.
The problem I am facing is that Kibana is asking me to select an aggregation (like sum, uniq count, etc.) for the Y-axis and select a field to apply the same.
On the X-axis, I am having timestamp.
But since, as mentioned above, I have already done the Uniq Count of my data set over a time period of 1 minute interval for a period of 30 days and stored it in Elasticsearch, I do not want Kibana to aggregate the data for me, rather just plot the data which I have in my Elasticsearch.
Is it possible to just plot the data which I have in Elasticsearch to visualize in Kibana, but not aggregating them over there in my Y-axis?
If yes, how can I do so? Please advise on this problem of Kibana.
Thanks
I don't know if you are still struggling with this or not...
If you already have the data "summed up", then as you say, it is not necessary to tell Kibana (actually Elasticsearch) to do the summing for you... this is true, if you are going to be plotting ONE minute time intervals. Over a period of 30 days is around (...) 43200 intervals... it is a LOT for charting. So Kibana is going to suggest (strongly, and with a lot of sense) to use say, 30 minutes or even hourly intervals.
Now, if for instance you are grouping together events for a whole hour, then Elasticsearch is going to either SUM/AVG/MIN/MAX these 60 measurements and get a single value for that hour's plot.
So, my advice is that you select an Average Metric, and use common sense for the time lapse selection. That way you are going to have your chart, and if you really need to go to the minute by minute detail, you are go

How to create value over time line chart in Kibana 4?

I'm facing the following problem. In Kibana 4 I've created a line chart based on my input from Elasticsearch but I can only display average, min, max instead of an actual value of the field per time, e.g. sent bytes.
Most answers to that question on Stack Overflow are about Kibana 3 (How to create value over time chart with Kibana 3?) and seem to include a Histogram on the X axis, yet I can't seem to find one which will enable me to apply them to Kibana 4. I was unable to find the histogram panel and once I click on the discover tab there is the constant Searching loading.
If I have the following fields in my _source:
{"timestamp":"2015-06-02T10:16:44.0855","time":587,"threadName":"Thread Group 1-957","byte":1372,"status":"false","latence":306,"registerCall":"404"}
and I would like to have the number of bytes on the Y-axis and on the X-axis my timestamp.
Any help in the right direction will be appreciated :)
To create a value over time line chart in Kibana, follow these steps:
Go to visualize tab and select line chart
In the X-axis, select X-axis, Aggregation as Date Histogram and then select your timestamp field as the date field.
Next for the Y-Axis, select Sum as the aggregation and then bytes as the field.
For the X axis, what Alcanzar said is good, but as you notice, the Y axis is problematic.
Sum (suggested by "Limit") works, but since it's aggregated, it shows the total used in each aggregated bucket, but that may be meaningless depending on what you are trying to show. Your question isn't clear on what you want, so I'm just guessing here. One hour of requests, each of which ran for one minute and sent 1 megabyte is indeed 60 megabytes-minutes, if you are trying to show total capacity used over that hour (maybe you are paying a bill based on usage per time). On the other hand, if you are trying to show peak usage in each time, it would be wrong.
You said you already looked at Max and Min and they don't meet your needs. I don't suppose Standard Deviation would be any better?
I have the same concern. The best I've been able to do so far is display Min and Max simultaneously in the Y axis. When they diverge, I know I'm zoomed out too far, so I zoom in until they align.
This is how I know I'm seeing individual events.
In any case, I share your frustration. I too would like to be able to show time series as easily as I can in, say, Excel.

how to find and visualize a spike/burst with kibana

what I have:
24h logged data in elasticsearch with a number field containing the byte size of transmitted messages (microsecond granularity).
Via a date histogram I can easily drill down to ms-intervals to determine network traffic spikes.
what I need:
a deterministic way to find the maximum traffic spike within the 24 hours based on a fixed size 100 ms interval.
find( max( sum(bytessize) of X ms interval)) over Yh range)
I'm new to the ELK-Stack, so any help how and where (elasticsearch or kibana) to solve such a problem is appreciated.
If I understand correctly, then something very similar to what you want can be done, and you are very close.
Click on the 'pencil' icon in the top right corner of your graph to edit the visualization. In your 'Y-Axis' aggregation choose 'Max' as the aggregation type.
In the 'X-Axis' aggregation section, I see you're already using a 'Date Histogram', so just define the interval to be 'Second' (that's the lowest possible interval in Kibana, currently available).
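The question's find(max(sum(bytesize) per 100 ms interval)) can also be computed outside Kibana. The following is an added example, not code from either poster: it assumes the events have already been exported as (timestamp in microseconds, bytesize) pairs, and the function names and sample data are constructed. It goes one step beyond the question by also computing a sliding 100 ms window, because a burst that straddles a bucket boundary is understated by fixed, aligned buckets.

```python
from collections import defaultdict

WINDOW_US = 100_000  # 100 ms expressed in microseconds


def max_fixed_bucket(events, width_us=WINDOW_US):
    """Sum bytes per aligned bucket; return (bucket_start_us, total_bytes) of the largest."""
    totals = defaultdict(int)
    for ts, size in events:
        totals[ts - ts % width_us] += size
    # Highest total wins; on a tie the earliest bucket is reported.
    return max(totals.items(), key=lambda kv: (kv[1], -kv[0]))


def max_sliding_window(events, width_us=WINDOW_US):
    """Largest byte total in any half-open window [t, t + width) starting at an event."""
    ev = sorted(events)
    best_start, best_total, total, right = None, 0, 0, 0
    for left, (start, _) in enumerate(ev):
        # Extend the window to every event that falls before start + width.
        while right < len(ev) and ev[right][0] < start + width_us:
            total += ev[right][1]
            right += 1
        if total > best_total:
            best_start, best_total = start, total
        total -= ev[left][1]  # drop the left edge before moving on
    return best_start, best_total


# Constructed sample: microsecond offsets from the start of the capture, bytes sent.
EVENTS = [
    (10_000, 500),
    (60_000, 700),
    (180_000, 4000),
    (195_000, 3000),   # burst begins at the end of bucket 100_000 ...
    (205_000, 3500),   # ... and continues into bucket 200_000
    (240_000, 2500),
    (420_000, 900),
]

if __name__ == "__main__":
    print("fixed  :", max_fixed_bucket(EVENTS))
    print("sliding:", max_sliding_window(EVENTS))
```

On the sample data the aligned buckets report a peak of 7000 bytes, while the sliding window shows the same burst carried 13000 bytes within 100 ms.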
