[Kibana - Timelion] - Average between different functions

Hi all,

Thanks in advance for the time you would take for this

I created a timelion visu as below :

.es(index=myindex*,timefield=mytime).bars()
,.es(index=myindex*,timefield=mytime,offset=-1d).bars()
,.es(index=myindex*,timefield=mytime,offset=-2d).bars()
,.es(index=myindex*,timefield=mytime,offset=-3d).bars()
,.es(index=myindex*,timefield=mytime,offset=-4d).bars()
,.es(index=myindex*,timefield=mytime,offset=-5d).bars()
,.es(index=myindex*,timefield=mytime,offset=-6d).bars()
,.es(index=myindex*,timefield=mytime,offset=-7d).bars() 

With the date filter set to 'Today' and interval set to '1h'

So I get basically 24 vertical bars which are the different counts_doc per hour per day piled up together.
But how can I get the average of those now ? Don't want them piled up like it is so far.

For example, if at ~4pm I always get 10 docs every day, my vertical bar will be 70 high (sum), where I want it to be 10 (avg)
I hope I'm clear enough

[edit] Assuming my english isn't good enough - below an example

What I have so far :

As you can see, vertical bars are split up by day (what you don't want to) so I need to find a way to measure the average of those bars and display it as a single bar

Thanks
Guillaume

You can use the add operator to add all of the series together and then the divide operator to get the average. The example below uses logs sample data set

.es(index=kibana_sample_data_logs*,timefield=@timestamp)
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-1d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-2d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-3d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-4d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-5d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-6d))
.divide(7).bars()

Just to complete the example, here is the stacked daily counts using sample data

.es(index=kibana_sample_data_logs*,timefield=@timestamp).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-1d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-2d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-3d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-4d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-5d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-6d).bars()

Hi @Nathan_Reese and thanks for your perfect answer

It works well for the count, thanks a lot - this is clever
What about adding a metric now ? looks like it's not working anymore ... tried with avg or max on an integer

[edit] - working for metric=sum:myfield however ...

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.