I'm pretty new to kibana and trying to use below code to generate dashboard warning count in the last 1 hour:
//count(kql='isAlarmTriggered : true')-count(kql='isAlarmTriggered : true',shift='1h')
But sometimes the result becomes negative. Something must be wrong and I'm wondering why that's the case. Any explanation would be nice.
welcome to the Kibana community.
Is it possible that there's no document with the
isAlarmTriggered set to
true in the current timeframe, but there are for the past hour?
If you open the Inspector panel with the raw ES response, can you see the data?
Thanks for the suggestion. I just went through the online documentation(Create visualizations with Lens | Kibana Guide [8.6] | Elastic) and found this:
You are unable to combine different time shifts, such as count(shift="1w") - count() and count(shift="1w") - count(shift="1m")
I guess maybe there's reason. And I found that using predefined count() can also perform the same task. Not going to investigate further, but thanks for your fast reply.
That applies only when using the
Top Values and no result is actually displayed in such case, rather suggested a workaround with a Filter operation in place of a Top Values.
I do not think that is related to your issue.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.