Drawing a time based graph

George915 · March 22, 2022, 7:47pm

Hi ELK community, newbie ELK user here.
I have a time based document as shown below and I was able to insert it in my Elasticsearch. I set up the timestamps field as a date date type. Timestamps are epoch time. I want to draw a graph using the values in the timestamps node as the x-axis, and the values in the values node as the y-axis. How can I do that in Kibana?
thanks in advance.

{
    "totalCount": 1,
    "nextPageKey": null,
    "resolution": "1m",
    "result": [
        {
            "metricId": "some_id",
            "data": [
                {
                    "dimensions": [
                        "SERVICE-AC6A35F295E50FEB"
                    ],
                    "dimensionMap": {
                        "dt.entity.service": "SERVICE-AC6A35F295E50FEB"
                    },
                    "timestamps": [
                        1647643020000,
                        1647643080000,
                        1647643140000,
                        1647643200000,
                        1647643260000,
                        1647643320000,
                        1647643380000,
                        1647643440000,
                        1647643500000,
                        1647643560000,
                        1647643620000,
                        1647643680000,
                        1647643740000,
                        1647643800000,
                        1647643860000,
                        1647643920000,
                        1647643980000,
                        1647644040000,
                        1647644100000,
                        1647644160000,
                        1647644220000,
                        1647644280000,
                        1647644340000,
                        1647644400000,
                        1647644460000,
                        1647644520000,
                        1647644580000,
                        1647644640000,
                        1647644700000,
                        1647644760000,
                        1647644820000,
                        1647644880000,
                        1647644940000,
                        1647645000000,
                        1647645060000,
                        1647645120000,
                        1647645180000,
                        1647645240000,
                        1647645300000,
                        1647645360000,
                        1647645420000,
                        1647645480000,
                        1647645540000,
                        1647645600000,
                        1647645660000,
                        1647645720000,
                        1647645780000,
                        1647645840000,
                        1647645900000,
                        1647645960000,
                        1647646020000,
                        1647646080000,
                        1647646140000,
                        1647646200000,
                        1647646260000,
                        1647646320000,
                        1647646380000,
                        1647646440000,
                        1647646500000,
                        1647646560000,
                        1647646620000
                    ],
                    "values": [
                        33668.676711439424,
                        33007.39453125,
                        32910.22194298323,
                        33005.921739022946,
                        32973.4765625,
                        33148.703125,
                        33745.24221956224,
                        33266.625,
                        32821.60546875,
                        33531.44784182393,
                        32466.424982123037,
                        32682.992745165175,
                        32903.4431323902,
                        32871.4921875,
                        32705.736328125,
                        32596.0703125,
                        33155.5038051792,
                        33096.03129281958,
                        33129.944752268864,
                        32986.76763337606,
                        33257.97265625,
                        33350.9609375,
                        33218.35231977859,
                        32965.47322674551,
                        33027.58203125,
                        32756.281625387855,
                        32718.438373766447,
                        33024.555585118826,
                        33001.69140625,
                        32910.3671875,
                        32806.40824128301,
                        32864.33984375,
                        33224.4765625,
                        33561.46484375,
                        33389.38651036219,
                        33511.05859375,
                        32995.08900885784,
                        33305.66143887801,
                        33517.86830953862,
                        32934.625,
                        32881.85546875,
                        33318.37152169765,
                        33436.265408921514,
                        33706.43359375,
                        33738.11210749699,
                        33287.52156952486,
                        33490.91796875,
                        33611.453125,
                        33772.046875,
                        33301.79296875,
                        33586.15625,
                        33160.26171875,
                        33637.86818154916,
                        32987.95055329398,
                        33281.55859375,
                        33118.62801149273,
                        32916.746851702854,
                        32821.869818457446,
                        32475.644211351,
                        32851.913126518644,
                        null
                    ]
                }
            ]
        }
    ]
}

flash1293 · March 29, 2022, 8:57am

Is the JSON from your post a single document? If yes, it will be hard to visualize in Kibana in this shape - maybe you can change it to be broken up into separate documents per data point?

{ timestamp: 1647643020000, value: 33668.676711439424  }
{ timestamp: 1647643080000, value: 33007.39453125  }
...

Those are much easier to deal with in Kibana.

It is also possible to visualize the document in it's current shape, but it would require you to use the vega language to do the processing (matching timestamps and values to pairs, flattening them out and passing them to the chart) which is probably harder to maintain in the long run than to do this processing before indexing the data into Elasticsearch in the first place.

Let me know whether that makes sense, I can help you with follow-up questions in either direction.

system · April 26, 2022, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.