Kibana split based on date

g4lvanix · October 12, 2017, 1:13pm

Hello!

I have a question regarding visualizing data by splitting it by a date field.

I have a handful of files that look like this:

{
"Name": "myName",
"RunID": 123,
"Value": 0.456,
"Time": "2017-10-12T08:00:00Z"
}

There are always two files with the same RunID and Name but different values and times (one is earlier than the other).

Is it possible to plot the values of the files in a histogram vs RunID but split the time series data by time stamp but still have a line be drawn using the correct association between values?
The later ones always run later and the earlier ones always run earlier.

At the moment when I try this I only get single dots in the graph because Kibana can't tell that the early document in RunID is associated with the early document with the subsequent RunID because obviously the timestamps are all uniqe.

Thanks,
g4lvanix

timroes · October 12, 2017, 1:39pm

Hello Elia,

I unfortunately don't get exactly what you want to be drawn on the x-axis and the y-axis exactly.
Could you maybe make a screenshot of what's drawn wrong and how you would like it to draw?

In general sometimes it might be easier to associate documents belonging towards each other at indexing time rather when visualizing. There is for example the elapsed logstash plugin, which associates two documents which each other and can pull over values from both into a single document and calculate time between those documents.

But I would need to understand better what you are trying to achieve exactly to maybe find a better solution.

Cheers
Tim

g4lvanix · October 12, 2017, 2:49pm

Hey Tim,

thanks for your quick reply.

This is what my documents look like:

{ "Name": "myName", "RunID": 0, "Value": 0.9058792997115444, "Time": "2017-10-12T14:42:05.355269Z"}
{ "Name": "myName", "RunID": 0, "Value": 0.6748210486920454, "Time": "2017-10-12T14:43:05.355269Z"}
{ "Name": "myName", "RunID": 1, "Value": 0.4483935140884814, "Time": "2017-10-13T14:44:05.355269Z"}
{ "Name": "myName", "RunID": 1, "Value": 0.8006066142934437, "Time": "2017-10-13T14:45:05.355269Z"}
{ "Name": "myName", "RunID": 2, "Value": 0.7331232978342673, "Time": "2017-10-14T14:46:05.355269Z"}
{ "Name": "myName", "RunID": 2, "Value": 0.2669455104960822, "Time": "2017-10-14T14:47:05.355269Z"}
{ "Name": "myName", "RunID": 3, "Value": 0.9026443399749965, "Time": "2017-10-15T14:48:05.355269Z"}
{ "Name": "myName", "RunID": 3, "Value": 0.5108507014040932, "Time": "2017-10-15T14:49:05.355269Z"}
{ "Name": "myName", "RunID": 4, "Value": 0.9830013615832985, "Time": "2017-10-16T14:50:05.355269Z"}
{ "Name": "myName", "RunID": 4, "Value": 0.427432702867791, "Time": "2017-10-16T14:51:05.355269Z"}

As you can see there are always two documents that are identical exept for the time stamp.
Can I use this time stamp to separate the documents in a line graph?

What I want is this but with two lines (one for the earlier and one for the later document, i.e. points joined together)

But what I get is this, it splits all the records into individual points and doesn't draw a line because all timestamps are different.

Is there a way to connect all the points across build numbers that have the earlier or later time stamp?

Thanks,
Elia

system · November 9, 2017, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.