ELK - custom time

raj.speed1 · November 19, 2020, 2:39pm

Is there a way to disable relative time or last 1hr & enable user to select available or absolute date/time.

Im updating elk every 1hr with some constant parameters, using logstash.
eg : now output_value =101
after 1hr, my output_value can be 1231
I dont want to average. So, Dashboard is designed to show current exact output_value.
Everytime I'm overriding the current report with the latest report values.
Able to view the dashboard as per my requirement, when I select the time as now.

But, the problem here is, I dont have the details, for older entries.
So, I stopped overriding
& when I selected last 2hr or last 2days, Kibana is showing all the entries within the time gap & my dashboard is not showing the correct info.

Can anyone suggest/faced this kind of scenario..!!!

wylie · November 19, 2020, 6:28pm

Since you only want to see the most recent update, ignoring all the previous values, how about you create a new index which only contains the latest update, deleting all the prior values? This way you will never see older data.

raj.speed1 · November 20, 2020, 10:40am

sounds good.. but every 1hr creating a new index may endup with number of indexes & dashboard.

wylie · November 20, 2020, 3:35pm

You could automate the "most recent hour of data" using index aliases + Index Lifecycle Management. When the data is older than 1 hour you can move it to the rollover alias https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html

raj.speed1 · November 27, 2020, 9:39am

Thanks Wylie.. Im trying your solution

Topic		Replies	Views
Duration of events Kibana	7	1949	December 16, 2016
Time since last event Kibana	3	2163	December 14, 2018
Kibana stores "Jan 2001 - now" instead of configured time in dashboard Kibana	3	121	April 8, 2024
How to show latest data in kibana visualization Kibana	2	782	July 24, 2018
Picking latest index in kibana dashboard Kibana	5	740	August 28, 2019

ELK - custom time

Related topics