Calculating the sum of latest values - Timelion/Kibana

emil.mirzayev · December 1, 2017, 8:37am

Hey there!
I am new to ELK stack. I have the data of measurements of different devices by time. Every 15 min, I get new values per each device (and value in t is always bigger or equal to value in t-1). What I want to do, is to calculate the sum of the latest values of each device within a given time period. Is it possible to do in Timelion or Kibana directly? My data structure is like this:
timestamp; device_id; value
timestamp; device_id; value
timestamp+15min; device_id; value
timestamp+15min; device_id; value

Edit: Docouments are in one index named "measurements".

LeeDr · December 1, 2017, 10:07pm

Hi Emil,

My first thought would be a Data Table visualization like this;
I used Metric = max bytes, but you would use your value I think.
And then I split rows with a Terms aggregation by extension.raw, but you would use your device_id for that.

Let me know if that works for you.

Regards,
Lee

emil.mirzayev · December 4, 2017, 8:45am

Hi Lee,
looks like it is what I need. I think after having lots of devices, showing only the top -n- won't be the best possibility. Is it possible also to remove the limitation? I can put it to 100 or 1000, but it would be great to know how to remove it

EDIT: Is it also possible to have timestamp field in the table? I want to show the value graph by time per each device?

best,
Emil

LeeDr · December 5, 2017, 11:04pm

In Management > Advanced Settings there's this setting;

metrics:max_buckets
The maximum number of buckets a single datasource can return
default value is 2000

You could increase that, but you might have performance issues or use a lot of memory on your Elasticsearch node(s) and/or your Kibana server.

system · January 2, 2018, 11:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.