19

I'm facing the following problem. In Kibana 4 I've created a line chart based on my input from Elasticsearch, but I can only display average, min, max instead of an actual value of the field per time, e.g. sent bytes. Most answers to that question on Stack Overflow are about Kibana 3 (How to create value over time chart with Kibana 3?) and seem to include a Histogram on the X axis, yet I can't seem to find one which will enable me to apply them to Kibana 4. I was unable to find the histogram panel, and once I click on the Discover tab there is the constant "Searching" loading.

If I have the following fields in my _source: {"timestamp":"2015-06-02T10:16:44.0855","time":587,"threadName":"Thread Group 1-957","byte":1372,"status":"false","latence":306,"registerCall":"404"}

and I would like to have the number of bytes on the Y-axis and on the X-axis my timestamp.

Any help in the right direction will be appreciated :)

1
  • What do you mean by "I was unable to find the histogram panel and once I click on the discover tab there is the constant Searching loading"? Are those two additional questions/problems? If Discover is not working for you, you might have other problems.
    – Jim Davis
    Commented Jun 10, 2015 at 20:08

2 Answers

14

To create a value over time line chart in Kibana, follow these steps: Go to visualize tab and select line chart. In the X-axis, select X-axis, Aggregation as Date Histogram and then select your timestamp field as the date field.

Next for the Y-Axis, select Sum as the aggregation and then bytes as the field.

2
  • I'm having more of a problem with the Y-axis as there is selected count. When it is selected it only counts the number of the instances of input data and not the specific field. timestamp: June 2nd 2015, 12:16:44.085 time: 587 threadName: Thread Group 1-957 byte: 1372 status: false latence: 306 registerCall: 404 _source: {"timestamp":"2015-06-02T10:16:44.0855","time":587,"threadName":"Thread Group 1-957","byte":1372,"status":"false","latence":306,"registerCall":"404"} _id: 789 _type: test _index: testlab
    – Artemis
    Commented Jun 2, 2015 at 10:56
  • You can keep the field as sum of bytes.
    – Limit
    Commented Jun 3, 2015 at 8:55
7

For the X axis, what Alcanzar said is good, but as you notice, the Y axis is problematic.

Sum (suggested by "Limit") works, but since it's aggregated, it shows the total used in each aggregated bucket, and that may be meaningless depending on what you are trying to show. Your question isn't clear on what you want, so I'm just guessing here. One hour of requests, each of which ran for one minute and sent 1 megabyte, is indeed 60 megabyte-minutes, if you are trying to show total capacity used over that hour (maybe you are paying a bill based on usage per time). On the other hand, if you are trying to show peak usage in each time, it would be wrong.

You said you already looked at Max and Min and they don't meet your needs. I don't suppose Standard Deviation would be any better?

I have the same concern. The best I've been able to do so far is display Min and Max simultaneously in the Y axis. When they diverge, I know I'm zoomed out too far, so I zoom in until they align.

[Image: when zoomed out too far, max and min diverge]

This is how I know I'm seeing individual events.

In any case, I share your frustration. I too would like to be able to show time series as easily as I can in, say, Excel.
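The effect both answers describe can be reproduced outside Kibana. The following is an added example, not code from any of the posters: it models a date histogram in plain Python (it does not query Elasticsearch) over constructed events shaped like the `_source` in the question, and shows why Sum, Min and Max only equal the raw `byte` value once each time bucket holds a single event. The function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, shaped like the _source document in the question.
EVENTS = [
    {"timestamp": "2015-06-02T10:16:44.085", "byte": 1372},
    {"timestamp": "2015-06-02T10:16:44.610", "byte": 900},
    {"timestamp": "2015-06-02T10:16:45.200", "byte": 2048},
    {"timestamp": "2015-06-02T10:16:47.950", "byte": 512},
]
EPOCH = datetime(1970, 1, 1)


def to_millis(ts):
    """Parse an ISO-8601 timestamp into epoch milliseconds (integer math only)."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f")
    return (dt - EPOCH) // timedelta(milliseconds=1)


def date_histogram(events, interval_ms, field="byte"):
    """Group events into fixed-width time buckets and compute per-bucket metrics."""
    buckets = defaultdict(list)
    for ev in events:
        key = to_millis(ev["timestamp"]) // interval_ms * interval_ms
        buckets[key].append(ev[field])
    return [
        {"key": k, "count": len(v), "sum": sum(v), "min": min(v), "max": max(v)}
        for k, v in sorted(buckets.items())
    ]


def shows_individual_events(buckets):
    """True when Min and Max agree in every bucket (the zoom check in the answer)."""
    return all(b["min"] == b["max"] for b in buckets)


def coarsest_usable_interval(events, candidates_ms):
    """Largest candidate interval at which every bucket has Min == Max."""
    for interval in sorted(candidates_ms, reverse=True):
        if shows_individual_events(date_histogram(events, interval)):
            return interval
    return None


if __name__ == "__main__":
    for interval in (1000, 500):
        print(interval, date_histogram(EVENTS, interval))
```

Min equal to Max does not prove a bucket holds one event (two events can carry the same value), so the `count` field is the stricter check.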
