How to do a 'between' @timestamp filter in a Vega Visualization for a constantly updating index?

I can easily do a 'between' @timestamp filter for either a saved search or Kibana Visualization in order to display data from a constantly updating index (via Logstash) for a time period within the past (say) 34 seconds.

How do I set up a similar filter for a Vega visualization that is also displaying data from a constantly updating index?

I think you use the %timefilter% interpolated value in your ES query:

https://www.elastic.co/guide/en/kibana/master/vega-querying-elasticsearch.html

Chris,

The mgpnlquery* index is being refreshed every 30 seconds. How can I adjust the following data input section for the visualization to only accept data for the past 34 seconds?

"data": [
  {
    "name": "sp500",
    url: {
      # The %-enclosed keys are handled by Kibana to modify the query
      # before it gets sent to Elasticsearch. Context is the search
      # filter as shown above the dashboard. Timefield uses the value
      # of the time picker from the upper right corner.
      %context%: true
      %timefield%: @timestamp
      index: mgpnlquery*
      body: {
        size: 1000
        _source: ["@timestamp", "price", "account", "acctype", "region" ]
      }
    }
    "format": { "property": "hits.hits" }
  },

I solved this issue with the following range query:

"data": [
  {
    "name": "sp500",
    url: {
      # The %-enclosed keys are handled by Kibana to modify the query
      # before it gets sent to Elasticsearch. Context is the search
      # filter as shown above the dashboard. Timefield uses the value
      # of the time picker from the upper right corner.
      # %context%: true
      # %timefield%: @timestamp
      index: mgpnlquery*
      body: {
        size: 1000
        _source: ["@timestamp", "price", "account", "acctype", "region" ]
        "query": {
          "range" : {
            "@timestamp" : {
              "gte" : "now-34s",
              "lt" : "now"
            }
          }
        }
      }
    }
    "format": { "property": "hits.hits" }
  },
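
For comparison, the `%timefilter%` form mentioned in the first reply, as an added example that is not from any post in this thread: Kibana replaces the marked range with the time picker's bounds, so the window comes from the picker instead of being hard-coded. It assumes the picker is set to the last 34 seconds with auto-refresh on; the index and field names are the ones used in the thread.

```hjson
"data": [
  {
    "name": "sp500",
    url: {
      # %context% and %timefield% are left out because the body
      # carries its own query.
      index: mgpnlquery*
      body: {
        size: 1000
        _source: ["@timestamp", "price", "account", "acctype", "region"]
        query: {
          bool: {
            must: [
              {
                range: {
                  "@timestamp": {
                    # Kibana swaps this marker for the time picker's
                    # start and end before sending the query.
                    "%timefilter%": true
                  }
                }
              }
            ]
          }
        }
      }
    }
    "format": { "property": "hits.hits" }
  }
]
```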
