Hi..
I am new around ELK and I have logs of 15 days with a message field, a timestamp and 10-12 other fields. Now I want to generate a graph in Timelion with the query "logged in" on message for a 24-hour window, showing the average of the count over all 15 days at any point. I have already implemented it manually (using a Timelion expression) by taking offsets for up to 15 days, adding them and dividing by 15, but every time I receive logs for a new day I would have to manually add day 16 to the Timelion expression. Is there any other way to do it...? (I guess probably in the Elasticsearch template itself)
PS: I am using Elasticsearch 2.4.5 and Kibana 4.4
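The manual approach described in the post (one `.es()` series per day shifted back with an offset, summed, then divided by the number of days) can at least be generated rather than hand-edited, so that adding day 16 becomes a parameter change. The script below is an added example, not the poster's code or anything from the Timelion project; it assumes the Timelion syntax of that era, namely that `.es()` accepts `index=`, `q=` and `offset=` parameters, that `.add()` sums two series and `.divide()` scales a series by a number, and it uses a hypothetical index pattern `logstash-*`.

```python
# Added example: generate the "sum of daily offsets / N" Timelion expression
# for an arbitrary number of days, instead of editing the expression by hand.
# Assumed Timelion syntax (Kibana 4.4-era plugin): .es(index=, q=, offset=),
# .add(series) and .divide(number). The index pattern is a hypothetical name.

def day_series(query: str, index: str, offset_days: int) -> str:
    """One .es() term: the same query shifted back by offset_days days.

    offset_days == 0 is "today", so no offset parameter is emitted.
    The query is wrapped in single quotes so a phrase query such as
    message:"logged in" can keep its own double quotes.
    """
    params = [f"index={index}", f"q='{query}'"]
    if offset_days:
        params.append(f"offset=-{offset_days}d")
    return ".es(" + ", ".join(params) + ")"


def average_over_days(query: str, index: str, days: int) -> str:
    """Build: today .add(yesterday) .add(day-2) ... .divide(days).

    Covers offsets 0..days-1, i.e. exactly `days` series, so the division
    really yields the mean count per bucket across those days. Each .add()
    is chained separately so the expression works even where .add() only
    takes a single series argument.
    """
    if days < 1:
        raise ValueError("days must be at least 1")
    expr = day_series(query, index, 0)
    for d in range(1, days):
        expr += ".add(" + day_series(query, index, d) + ")"
    return expr + f".divide({days})"


if __name__ == "__main__":
    # Hypothetical index pattern; the query is the one from the post.
    print(average_over_days('message:"logged in"', "logstash-*", 15))
```

Paste the printed expression into Timelion with the time picker set to the last 24 hours; when a 16th day arrives, rerun the script with `16` instead of `15`. This still does not make the count of days self-updating inside Kibana, which is what the question asks for, but it removes the error-prone hand editing.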