I am trying to make a table visualization that shows the 30-day averages of the daily averages of log volume (count) per log source split by type.
For example,
If I have 10 log sources, half are firewalls, and half are Windows hosts. Firewalls send logs that are of type “firewall”, and Windows hosts send logs of type “wineventlog”.
I am trying to see what the 30-day average of the daily average document count is per host split by type.
I cannot seem to get the Kibana table visualization quite right for this. Does anyone know how to do this calculation?
In classical visualizations this won't be possible. You can do a moving average but you can't specify your period (30 day). This might be possible from TSVB, however: selecting the moving average aggregation, you can select the window size.
Under panel options, select daily interval
count metric
moving average metric with window size 30 on count
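
Added example, not part of the original posts: the calculation discussed in this thread, done outside Kibana so the numbers can be checked by hand. It assumes events are available as `(timestamp, host, type)` tuples; the host names, dates and counts are constructed sample data, and all function names are hypothetical.

```python
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

WINDOW = 30  # days; the moving-average window size named in the answer

def daily_counts(events, start, end):
    """Daily document count per (type, host); days with no logs count as 0."""
    seen = Counter()
    for ts, host, log_type in events:
        seen[(log_type, host, datetime.fromisoformat(ts).date())] += 1
    days = [start + timedelta(n) for n in range((end - start).days + 1)]
    sources = sorted({(t, h) for t, h, _ in seen})
    return {src: [seen[src + (d,)] for d in days] for src in sources}

def moving_average(counts, window=WINDOW):
    """Trailing mean of up to `window` daily buckets, current day included (assumption)."""
    out = []
    for i in range(len(counts)):
        chunk = counts[max(0, i - window + 1): i + 1]
        out.append(sum(chunk) / len(chunk))
    return out

def table(events, start, end, window=WINDOW):
    """Rows of (type, host, latest moving average of the daily count)."""
    series = daily_counts(events, start, end)
    return [(t, h, moving_average(c, window)[-1]) for (t, h), c in series.items()]

def per_type_average(rows):
    """Mean of the per-host figures inside each type."""
    by_type = defaultdict(list)
    for log_type, _, avg in rows:
        by_type[log_type].append(avg)
    return {t: sum(v) / len(v) for t, v in by_type.items()}

# Constructed sample data: three hosts over 30 days; fw2 goes silent after day 15.
START, END = date(2024, 1, 1), date(2024, 1, 30)

def sample_events():
    events = []
    for n in range(30):
        day = (START + timedelta(n)).isoformat()
        events += [(f"{day}T08:00:00", "fw1", "firewall")] * 10
        if n < 15:
            events += [(f"{day}T09:00:00", "fw2", "firewall")] * 40
        events += [(f"{day}T10:00:00", "win1", "wineventlog")] * 5
    return events

if __name__ == "__main__":
    print(table(sample_events(), START, END))
```

Zero-filling the silent days is what makes fw2 average 20 per day over the window instead of 40; if empty days are dropped, a log source that has stopped reporting keeps its old average.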