I'm not sure if it's possible in Timelion, but in Elasticsearch we are receiving a document every 1 minute. These documents contain SQL database related metrics (such as Object Locks and Database Locks), and each has a field called insert_date (a field extracted from the SQL database). We want to display all these documents on a time series and at the same time set a threshold for Object or Database Locks documents where insert_date is older than 30 minutes from now: insert_date < DATEADD (MINUTE, -30, GETDATE());
@keeshqs if you change the timelion:es.timefield Kibana advanced setting (Management -> Advanced Settings) to insert_date, you can then use the timefilter in the upper right-hand corner to control the date range. If you don't want to change this for all Timelion queries, you can specify it using the timefield parameter like so: .es(timefield="insert_date")
Unfortunately, you can't use the q parameter to do the date math, as this uses the Lucene query syntax, which doesn't support relative dates. You can use range queries to do absolute filters like so: .es(q="@timestamp:[2017-01-01 TO 2018-02-11]") but you can't do .es(q="@timestamp:[* TO now-30m]"), as Lucene doesn't support this.