Filter a string value in kibana Timelion

sLuvpreet33 · July 31, 2017, 9:43am

I have a status field.

It has 5 values.

1 - completed
2 - pending
3 - ongoing
4 - cancelled
5 - upcoming

I want to see 5 lines in Timelion over time, giving values corresponding to the status.

But I am not getting on how to do this.

This is the expression I am using for 2 lines,

.es(index=vogo-database-2, q='status:cancelled') .es(index=vogo-database-2, q='status:completed')

But there is no change in the timelion. I think the filter is not working.

Even this expression does not change anything,

.es(index=vogo-database-2)

OR

.es(index='vogo-database-2')

How can I achieve what I want ?

sLuvpreet33 · July 31, 2017, 9:49am

It is happening only on this index, and not any other.

What can be the reason for this ?

weltenwort · July 31, 2017, 12:32pm

here are two points that come to mind:

If the primary timestamp field of your index vogo-database-2 is different from @timestamp, you can specify it in your query as in: .es(index="vogo-database-2", timefield="YOUR_TIMEFIELD")
You should be able to draw these 5 lines with just one query using the split argument to .es(): .es(index="vogo-database-2", timefield="YOUR_TIMEFIELD", split="status:10")

system · August 28, 2017, 12:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timelion filter Kibana timelion	2	5734	March 20, 2017
Timelion filter problem Kibana timelion	2	395	December 13, 2019
TimeLion Question Kibana	3	948	June 29, 2017
Timelion -- filtering within query and choosing different indexes as a source Kibana timelion	5	29869	July 6, 2017
Timelion Kibana timelion	7	511	August 21, 2020