How to plot timestamp field against a float field in kibana

So I have a timestamp and float field in my index.

I want to plot timestamp on the x axis and the float value on the y axis, but when I go to data visualisation, I can't see the float field at all. All I can see is time stamp.

I want a simple line, that's similar to something like pyplot using the plot function.

How would I go about doing this?

Thank you

I've managed to get my db_size showing by refreshing index patterns, but when I try to use it with the timestamp on the x axis it's telling me that no results were found.

The date histogram field is picking up the timestamp field as well, so I'm not sure where it's going wrong.

Hey @James_Woods, would you mind posting a screenshot of your Visualization configuration and the data that you're seeing?

Hi @Brandon_Kobel,

Here is the configuration:

It says no results found where the graph/plot usually is. The warning sign on the bottom is telling me that my interval has been scaled to 5 seconds instead, otherwise it will create too many buckets.

Here are a few examples of the data:

I've tried using the different options, like sum/count/max etc and all give the same "no results found" message.

In the upper left corner of the Visualization editor, if you click the "Inspect" button, this will open up the inspector flyout. At the top right, you'll see a button that says "View: Data", click this and select "Requests". Next, click the "Request" tab, and then click the "Copy" button in the upper right. This will copy the request into your clipboard. If you then open up the Dev Tools application, type GET db_size/_search and then paste what's in your clipboard and run the request, do you see any results?

@Brandon_Kobel Hi Brandon, thanks for the useful advice. I can confirm that is not giving me anything back. I can see under the statistics tab too that it is giving me 0 hits.

Here is the query it is running:

Are the timestamp formats mismatched perhaps? They look slightly different, mine doesn't have a letter at the end. I can't seem to see a way to change what time it actually brings back.

Thanks

Are the timestamp formats mismatched perhaps? They look slightly different, mine doesn't have a letter at the end. I can't seem to see a way to change what time it actually brings back.

The format that you're seeing in that query directly is the ISO-8601 representation of the date-time.

If you remove the must clause from the query do you see results?

Also, what do you get back if you execute the following query in Console/DevTools:

GET db_size/_mapping/field/timestamp

Removing the must clause returns every record (which is what I'm after!)

Running that query gives me this:

If you perform the following search do you get anything back? Is it possible that you're looking at too small of a "time window" to get results?

GET db_size/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2019-05-30T13:58:22.591Z",
              "lte": "2019-05-30T14:08:22.591Z"
            }
          }
        }
      ]
    }
  }
}

So I think you are certainly correct.

That query gives no hits, but I changed the top date to 2018 and ran that and that gave me all the results.

Perfect, I understand. I didn't notice the time in the top right!

Thanks so much for your help, I've now got the plot I was after.

Apologies that we had to take the long way round because I didn't notice that, but I really appreciate it and I've learned a good amount to troubleshoot other things myself.

Thanks a lot!

No worries at all, glad to be of assistance!
