How to create a running average in Timelion?

Koen_Wouters · November 14, 2019, 12:32pm

Bit struggling with the timelion syntax so any help would be appreciated. I'm trying to get a running average (not moving average) over time so basically what I like to achieve is a calculation that would provide me the accumulated sum of a value divided by the total amount of documents at the defined timeframes.

Take below as simplified example, I get a few docs per day, each having a value. These need to be aggregated by day and then I want to divide the sum of accumulated values by the count of total accumulated documents. This running average (or accumulated average, not sure about the correct terminology) is what I want to plot.

day |doc | value | running avg
1 | 1 | 4 | -
1 | 2 | 3 | 3.5 << day 1 = (4 +3)/2 docs
2 | 1 | 3 | -
2 | 2 | 5 | 3.75 << day 2 = (4 + 3 + 3 + 5) / 4 docs
3 | 1 | 2 | 3.4 << day 3 = (4 + 3 + 3 + 5 + 2) / 5 docs

Any advice?

rashmi · November 14, 2019, 4:27pm

I found similar discuss posts - may be you can refer here: Simple moving average in Kibana over a date histogram help if this answers your question..if not, please ask again

Thanks
Rashmi

Koen_Wouters · November 14, 2019, 4:44pm

Hi Rashmi, thanks already but this is not what I look for. A moving average is basically just smoothing over a given window, what I need is an accumulated average from day one till now. This will therefore not be impacted as much by fluctuations and is more like a flattened trendline.

wylie · November 14, 2019, 5:44pm

You can get a cumulative sum, and then divide it. For example:

.es(index=kibana_sample_data_logs, metric='sum:bytes').cusum()

That gives me:

This is then something you can divide, for example to divide the average bytes/document:

.es(index=kibana_sample_data_logs, metric='sum:bytes').cusum().divide(.es(index=kibana_sample_data_logs))

system · December 12, 2019, 5:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.