Filter a string value in kibana Timelion

sLuvpreet33 · July 31, 2017, 9:43am

I have a status field.

It has 5 values.

1 - completed
2 - pending
3 - ongoing
4 - cancelled
5 - upcoming

I want to see 5 lines in Timelion over time, giving values corresponding to the status.

But I am not getting on how to do this.

This is the expression I am using for 2 lines,

.es(index=vogo-database-2, q='status:cancelled') .es(index=vogo-database-2, q='status:completed')

But there is no change in the timelion. I think the filter is not working.

Even this expression does not change anything,

.es(index=vogo-database-2)

OR

.es(index='vogo-database-2')

How can I achieve what I want ?

sLuvpreet33 · July 31, 2017, 9:49am

It is happening only on this index, and not any other.

What can be the reason for this ?

weltenwort · July 31, 2017, 12:32pm

here are two points that come to mind:

If the primary timestamp field of your index vogo-database-2 is different from @timestamp, you can specify it in your query as in: .es(index="vogo-database-2", timefield="YOUR_TIMEFIELD")
You should be able to draw these 5 lines with just one query using the split argument to .es(): .es(index="vogo-database-2", timefield="YOUR_TIMEFIELD", split="status:10")

Topic		Replies	Views
TimeLion Question Kibana	3	977	June 29, 2017
If statement in timelion Kibana timelion	2	1531	January 5, 2018
Timelion split and then filter on splitted values Kibana timelion	6	4016	July 8, 2018
Timelion filter Kibana timelion	2	5783	March 20, 2017
How to add filter in Timelion? Kibana timelion	2	16809	December 6, 2017