I have been tasked with evaluating the Kibana 5.3 visualization and was wondering if it is possible to create a time line chart that would count and compare data for a difference from one year to the next. For example show me the count of 404 error for each month for this calendar year and also show the same data for the previous year for comparison.
Hi @ppierce01,
that absolutely sounds possible to achieve with a timelion visualization. The .es() function used to fetch a time series from Elasticsearch has an offset argument, which time-shifts a series. It is also possible to compute the difference between two series using the .subtract() function. The timelion expression could look something like
.es(q="response:404", index="logstash-*").subtract(.es(q="response:404", index="logstash-*", offset="-1y"))
with the bucket size being set to 1M (in the dropdown to the left of the query bar) and the time picker (in the upper right corner) being set to Last 1 year or Previous year or similar.
Thank you for your response, I really appreciate it. Would you by chance know of a any good tutorial where I might get more information on the Timelion query language?
Thanks Perry
Here are a few resources that come to mind:
- Timelion comes with integrated tutorial accessible via the in-app docs:
- several videos:
- a meetup talk about Timelion
- the recording of the Elastic{on} 17 Timelion Session
- a tutorial about visualizing an earthquake dataset with Timelion
- a blog post about conditionals in Timelion
And last but not least, if you have a question about any specific piece of functionality, this very forum is also a great place to find support.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.