Kibana visualization to show intime value count of different fields

Hello All,

How can I make a TSVB visualization display all the count values for the given fields?
Here I'm trying to display the index updated, nodes traversed, entries processed and chunk "intime"
count value wrt statistic time. Though one can see in TSVB the visual is just showing the top hit (aggregation) value, and the intention is to show every count value of the fields wrt statistic time.
Logstash upsert is used for updating the value for a given stats time.
I have been struggling with such use cases where I need to show every value wrt intime (timestamp). I'm not exactly aware of an aggregation which can help with this, or if it is possible through TSVB.
Kibana 7.9.1
How can this be achieved?

{
  "_index": "cis-monitor-search-2022.08.22-000001",
  "_type": "_doc",
  "_id": "2022-08-22 04:15:11",
  "_version": 1465,
  "_score": null,
  "_source": {
    "host": "vgcwcrd0app2001",
    "@timestamp": "2022-08-22T15:26:58.643Z",
    "command": "/l/app/CIS/logstash/logstash-7.9.1/scripts/searchstatus/run_tc_status.sh",
    "@version": "1",
    "qsearch": {
      "chunks": "0",
      "queueEntriesProcessed": "0",
      "statisticTime": "2022-08-22 04:15:11",
      "indexesUpdated": "0",
      "nodesTraversed": "0"
    }
  },
  "fields": {
    "@timestamp": [
      "2022-08-22T15:26:58.643Z"
    ],
    "qsearch.statisticTime": [
      "2022-08-22T04:15:11.000Z"
    ]
  },
  "sort": [
    1661182018643
  ]
}


Thanks

Sample Data

timestamp	A	B	C	D
7/19/2022 15:11	0	150	150	3
7/19/2022 15:10	0	0	0	0
7/19/2022 15:10	0	0	0	0
7/19/2022 15:09	0	0	0	0
7/19/2022 15:09	0	0	0	0
7/19/2022 15:08	0	0	0	0
7/19/2022 15:08	0	0	0	0
7/19/2022 15:07	0	0	0	0
7/19/2022 15:07	0	80	80	80
7/19/2022 15:06	0	0	0	0
7/19/2022 15:06	0	0	0	0
7/19/2022 15:05	0	0	0	0
7/19/2022 15:05	0	60	60	3
7/19/2022 15:04	0	0	0	0
7/19/2022 15:04	0	0	0	0
7/19/2022 15:03	0	0	0	0
7/19/2022 15:03	0	0	0	0
7/19/2022 15:02	0	100	100	1
7/19/2022 15:02	0	87	87	2
7/19/2022 15:01	0	75	75	2
7/19/2022 15:01	0	0	0	0
7/19/2022 15:00	0	0	0	0
7/19/2022 15:00	0	0	0	0
7/19/2022 14:59	0	0	0	0
7/18/2022 23:49	0	1	1	1
7/18/2022 23:49	0	1	1	1
7/18/2022 23:48	0	0	0	0
7/18/2022 23:48	0	1	1	1
7/18/2022 23:47	0	0	0	0
7/18/2022 23:47	0	0	0	0
7/18/2022 23:46	0	1	1	1
7/18/2022 23:46	0	1	1	1
7/17/2022 19:51	0	0	0	0
7/17/2022 19:50	0	0	0	0
7/17/2022 19:50	0	0	0	0

Hi @PRASHANT_MEHTA, I think there is a fundamental disconnect on what Kibana visualizations do... they are aggregation based by default / definition; they are not intended to be individual "Row Oriented Output", and this is why you are struggling. (You are not the only one.)

This is probably why you are not getting much help. Kibana visualizations really just do not work that way.

That is not to say that there may be some way to "bend" a visualization to what you want, but this is not the intention of the visualizations.

2nd, I see rows like this; do you want to show 1 row for this or 2 rows aggregated?

3rd, you are on a pretty old version, so that even further limits your options.

If you want to show each row, then you really should just create a Saved Search in Discover, which will show each row, and then set the columns, BUT you will not be able to then do aggregations.

You could also try to turn the date / times into keywords and then aggregate on the keywords in the table; that might work.

Hello @stephenb ,

Thanks for your detailed explanation!

"2nd I see rows like this do you want to show 1 row for this or 2 rows aggregated": [1 row would be fine here.]

7/19/2022 15:02	0	100	100	1
7/19/2022 15:02	0	87	87	2

Can you also suggest what size limit can be set for a bucket aggregation? I'm using
Enhanced datatable, where I see Size, and I show data in rows that can be of any size.
For example, showing around 20000 rows with data and hence setting size as 20000. Would this cause any issue?

Many Thanks
