Kibana: how to calculate a delta metric in table visualization?

Hi,

I have logs, which contain statistical absolute values.
Each minute I get the statistics, how many transactions a service has processed since start of the service.
So it is a steadily growing number until the next restart of the server.

Now I want to know how many transactions have been processed per service in the selected timeframe.
My idea is to create a table visualization, returning min and max of the processed transactions.

Now I also want to add the result of (max - min) and add it as column to the table.
How can I do that?
Is there something built in?
Can I easily create custom aggregations?

Target is Kibana 5.1. If there is a way to use it in Kibana 4.1, that is also welcome, because I have not finished the upgrade to ELK 5.1 yet.

Thanks, Andreas

This isn't currently possible in core Kibana; here's an open ticket: https://github.com/elastic/kibana/issues/2805

However, you could easily accomplish this in Timelion. The query would look like this:

.es(*, metric='max:bytes').subtract(.es(*, metric='min:bytes'))

Just replace bytes with whatever your field name is.

Here's an example with the min, max, and difference between the two:

Thanks for the response. But that's not what I need.

I need the difference of the values from different times.
Value of last event - value of first event.

Hi @asp

Perhaps I've misunderstood what your data looks like. You mentioned:

Each minute I get the statistics, how many transactions a service has processed since start of the service.
So it is a steadily growing number until the next restart of the server.

If the transaction count field is always increasing, won't the minimum and maximum count be the first and last events by definition, except perhaps after a restart?

Yes, exactly. Let me do an example.

minute 0: 0 processed
minute 1: 100 processed
minute 2: 150 processed
minute 3: 150 processed
minute 4: 200 processed
minute 5: 600 processed
minute 6: 620 processed

Now I set my time interval for analysis to minutes 2 to 5.
Min value is 150, max value is 600.
What I need to show is 450 as difference (600 - 150 = 450).

In your screenshot the difference is calculated from min and max of the same time. That's why your diff is a curve and not a constant.

That's not true. The difference is calculated from the same interval. To demonstrate, see the screenshot below. I've set my interval to 1 day and I'm charting the min and max timestamp for each interval. So the red line represents the first document in each bucket and the blue line is the last document. If you set your interval to "3 minutes" and start the time range at minute two, you'll see the difference between minute 5 and minute 2 charted in the first graph I proposed.
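Added example, not part of any post in this thread: a small Python sketch of the calculation under discussion, run over the minute-by-minute numbers posted above, showing how the bucket width changes what max minus min reports. It goes one step beyond the thread by also handling the restart case mentioned earlier; the `RESTART` data, the function names and the bucket alignment to the window start are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed samples (minute, cumulative count); THREAD reuses the numbers posted above.
THREAD = [(0, 0), (1, 100), (2, 150), (3, 150), (4, 200), (5, 600), (6, 620)]
# Constructed variant: the service restarts between minute 3 and 4, so the counter drops.
RESTART = [(0, 0), (1, 100), (2, 150), (3, 150), (4, 20), (5, 420), (6, 440)]


def window(samples, start, end):
    """Samples with start <= minute <= end, ordered by time."""
    return sorted((t, v) for t, v in samples if start <= t <= end)


def max_minus_min(samples, start, end, width):
    """max - min per bucket of `width` minutes (buckets aligned to `start`, an assumption)."""
    buckets = defaultdict(list)
    for t, v in window(samples, start, end):
        buckets[(t - start) // width].append(v)
    return [max(vs) - min(vs) for _, vs in sorted(buckets.items())]


def last_minus_first(samples, start, end):
    """Value of the last event minus value of the first event in the window."""
    w = window(samples, start, end)
    return w[-1][1] - w[0][1] if w else 0


def reset_aware_delta(samples, start, end):
    """Sum the increases between consecutive samples; a drop means the counter
    restarted from zero, so the new value itself is the work done since then."""
    w = window(samples, start, end)
    return sum(cur - prev if cur >= prev else cur
               for (_, prev), (_, cur) in zip(w, w[1:]))


if __name__ == "__main__":
    print(max_minus_min(THREAD, 2, 5, width=4))   # one bucket spanning the window
    print(max_minus_min(THREAD, 2, 5, width=1))   # one sample per bucket
    print(last_minus_first(RESTART, 2, 5), reset_aware_delta(RESTART, 2, 5))
```

With a restart inside the window, neither max minus min nor last minus first gives the number of transactions processed; transactions handled between the last sample before the restart and the restart itself are not recoverable from the counter.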
