Hi, Im trying to display data from the .ml-anomalies-* index on Canvas, but it doesnt show the values in the metric visualization. (the index pattern exists)
SELECT COUNT(*) as count_documents FROM ".ml-anomalies-*" WHERE
anomaly_score > 75 AND job_id = 'my-job
when I run the query I get data
then I use the field that I need in the visualization
but I dont get the value displayed
what is the problem here?
Elastic 7.5
Pretty sure you need the math function:
filters
| essql
query="SELECT COUNT(*) as count_documents FROM \".ml-anomalies-*\" WHERE anomaly_score > 75 AND job_id = 'farequote_demo'"
| math "count_documents"
| metric "anomalies"
metricFont={font size=48 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center" lHeight=48}
labelFont={font size=14 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center"}
metricFormat="0,0.[000]"
| render
Yields:
Hi Rich, I have the math function
There is no known issues on canvas accessing the system indices? is the only thing that I can think of....
No, my example is from a Canvas workpad that is running that exact query to .ml-anomalies-*
Do you have a time filter on your Canvas workpad (on any of the panels, not just the visible one) that is limiting the scope of your query to a certain date range where there are no actual anomalies?
I have anomalies in the last 7 days
I just have a time filter element in the canvas set to 7 days and still nothing is showing,
the problem is that I need the time filter in the canvas
Ah yes, that's the issue. You could perhaps investigate creating a field alias in the .ml-anomalies-* index to map timestamp to an alias field called @timestamp
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
