[Kibana - Timelion] - Average between different functions

Elastic Stack Kibana
1

Hi all,

Thanks in advance for the time you would take for this

I created a timelion visu as below :

.es(index=myindex*,timefield=mytime).bars()
,.es(index=myindex*,timefield=mytime,offset=-1d).bars()
,.es(index=myindex*,timefield=mytime,offset=-2d).bars()
,.es(index=myindex*,timefield=mytime,offset=-3d).bars()
,.es(index=myindex*,timefield=mytime,offset=-4d).bars()
,.es(index=myindex*,timefield=mytime,offset=-5d).bars()
,.es(index=myindex*,timefield=mytime,offset=-6d).bars()
,.es(index=myindex*,timefield=mytime,offset=-7d).bars()

With the date filter set to 'Today' and interval set to '1h'

So I get basically 24 vertical bars which are the different counts_doc per hour per day piled up together.
But how can I get the average of those now ? Don't want them piled up like it is so far.

For example, if at ~4pm I always get 10 docs every day, my vertical bar will be 70 high (sum), where I want it to be 10 (avg)
I hope I'm clear enough

[edit] Assuming my english isn't good enough - below an example

What I have so far :

image
image.png1251×753 26 KB

As you can see, vertical bars are split up by day (what you don't want to) so I need to find a way to measure the average of those bars and display it as a single bar

Thanks
Guillaume

2

You can use the add operator to add all of the series together and then the divide operator to get the average. The example below uses logs sample data set

.es(index=kibana_sample_data_logs*,timefield=@timestamp)
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-1d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-2d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-3d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-4d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-5d))
.add(.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-6d))
.divide(7).bars()

12%20PM
Screen Shot 2019-08-28 at 12.05.12 PM.png3974×2028 432 KB

Just to complete the example, here is the stacked daily counts using sample data

.es(index=kibana_sample_data_logs*,timefield=@timestamp).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-1d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-2d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-3d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-4d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-5d).bars()
,.es(index=kibana_sample_data_logs*,timefield=@timestamp,offset=-6d).bars()

27%20PM
Screen Shot 2019-08-28 at 12.05.27 PM.png3976×2022 543 KB

3

Hi @Nathan_Reese and thanks for your perfect answer

It works well for the count, thanks a lot - this is clever
What about adding a metric now ? looks like it's not working anymore ... tried with avg or max on an integer

[edit] - working for metric=sum:myfield however ...

Thanks

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.