Kibana histogram - drawing multiple series on a single chart

前端未结

关注

 4  679

逝去的感伤

I have an index in Elasticsearch which contains an array of simple objects (key-value please see example below).

The documents have a timestamp.

I can creat

相关标签:

4条回答

南旧

2021-01-18 05:07
I have the solution to this problem. Is similar to the answer given by @OmarOthman but without the aforementioned issues, namely:
1. With the information aggregated in an array is impossible, is a feature that the Elastic team has not addressed yet.
2. You would need to disaggregate your documents in separate documents, one with each value of the array. You can use parent documents features of elastic to gather them.
3. Once you have the documents with this shape:
Disaggregated form:
```
{ "_datetime" : "2014-03-21 10:10:10", "bytes_sent": 12312, "bytes_received" : 123123 }  
{ "_datetime" : "2014-03-21 10:10:11", "bytes_sent": 12310, "bytes_received" : 12313 }
```
instead of:
```
[…]
"_datetime" : "2014-03-21 10:10:10",
"showstatus": [
{
"value": 96451,
"variable_name": "bytes_sent"
},
{
"value": 435322,
"variable_name": "bytes_received"
}
]
}
[…]
```
You can draw multiple series in Timelion like @OmarOthman said but you can also add a secondary (and even tertiary) Y axis using the method yaxis of Timelion, like:
```
.es('avg:bytes_sent').yaxis(1, label='Bytes sent').bars(), .es('avg:bytes_received').yaxis(2, label='Bytes received', positon='right').bars()
```
With the method bars you can draw it as a date histogram.

The other approach proposed by @ OmarOthman would only show the average 'value' taking all the "value" data from all the documents of the showstatus array. This is done because the query 'showstatus.variable_name:bytes_sent' is always true because all documents have that "variable name" in their array showstatus. Hence, both series would be the same unless some documents have not the bytes_sent variable_name inside the array showstatus. Try to draw it, it doesn't work as expected.
0 讨论(0)
发布评论:

提交评论
- 加载中...
小鲜肉

2021-01-18 05:10

This is possible by running two queries, one to plot bytes_sent and one to plot bytes_received. Set the histogram to use the common "value" field. It looks like you may also need to split your data up as well so there's unique records that are timestamp,bytes_sent,value and timestamp,bytes_received,value.

-Brent

0 讨论(0)
发布评论:

提交评论
- 加载中...
没有蜡笔的小新

2021-01-18 05:13

It can be done using a newer panel called "multifieldhistogram". I could use it in Kibana3 after a Kibana patch got installed recently.

Please see this link which shows the panel. https://code.csdn.net/chenryn/kibana.

0 讨论(0)
发布评论:

提交评论
- 加载中...
[愿得一人]

2021-01-18 05:13
For sharing the knowledge regarding newer Kibana versions, this is easy using Kibana's TimeLion tool. Select "Timeseries" when you are asked for the Visualization to create.

It was enough for me to follow the few dialogs that pop up at the beginning to understand how to get started. Something like this should kick it off:
```
.es('showstatus.variable_name:bytes_sent'), .es('showstatus.variable_name:bytes_received')
```
0 讨论(0)
发布评论:

提交评论
- 加载中...