Get counts of events happening(not ended) currently

Elastic Stack Kibana
1

I have set of data where each data point has start_time and end_time

Ex:
{"start_time":"2018-04-20T15:40:04.466Z","end_time":"2018-04-20T15:50:04.466Z"}
{"start_time":"2018-04-20T15:41:04.466Z","end_time":"2018-04-20T15:47:04.466Z"}
{"start_time":"2018-04-20T15:42:04.466Z","end_time":"2018-04-20T15:43:04.466Z"}

I would like to get count of events happening(not ended) at a certain point of time.

Ex: If I have to find events happening exactly at 2018-04-20T15:45:00.000Z the above set of data should return 2.

Furthermore, I want to get counts in 5 min interval. Ex: how many events happening( not ended) currently at 5th min, 10th min, 15th min, ....

Kibana version: 5.4
Please let me know how this can be accomplished.

2

for the first example you could set a filter start_time:>=2018-04-18T15:45:00.000Z AND end_time:<=2018-04-18T15:45:00.000Z

3

for the second example .... you actually want counts and that specific time, not the average over the last 5,10,15 minutes ? so exactly at 15:00, 15:05, 15:10, ... ?

4

Yeah, exactly at certain times
I just gave 5m as an example.
I want to calculate at each minute, how many ongoing events are happening.

5

I don't think that's possible in kibana at the moment. You could get the number of documents started in some interval and substract the number of documents ended .... or even do a cumulative sum. But none of those are actually what you need.

6

yeah, I am using query like this for getting at certain time-10m ago.

end_time:[now/m-10m TO *] AND start_time:[* TO now/m-10m}

I created an alert which gets this value every 1 min, and index it back into Elasticsearch.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.