I am trying to make line graphs in Canvas based on an Elasticsearch SQL query. When I use the "preview data" button, the data is here. If I use data from the last 14 days, it works. But for some reason, if I try to make a chart based on data older than 14 days ago, I get an empty graph.
My expression is:
```
filters
| essql
query="SELECT HISTOGRAM(\"@timestamp\", INTERVAL 30 MINUTES) AS h, COUNT(\"events.tokens.eventType\") AS number FROM \"denyall-*\" WHERE \"@timestamp\" >= CAST('2020-11-10' AS DATETIME) AND \"@timestamp\" <= CAST('2020-11-12' AS DATETIME) AND (\"context.tunnelName\" = 'something1' OR \"context.tunnelName\" = 'something2') GROUP BY h ORDER BY h"
| pointseries x="h" y="mean(number)"
| plot defaultStyle={seriesStyle lines="1" bars="0" points="1"}
| render
```

```
filters
| essql
query="SELECT HISTOGRAM(\"@timestamp\", INTERVAL 30 MINUTES) AS h FROM \"kibana_sample_data_logs\" WHERE \"@timestamp\" >= CAST('2020-11-01' AS DATETIME) AND \"@timestamp\" <= CAST('2020-11-05' AS DATETIME) GROUP BY h ORDER BY h"
| math "unique(h)"
| metric "Days"
  metricFont={font size=48 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center" lHeight=48}
  labelFont={font size=14 family="'Open Sans', Helvetica, Arial, sans-serif" color="#000000" align="center"} metricFormat="0,0.[000]"
| render
```
Not sure what goes wrong in your case.
Could you simplify your query to validate?
What Kibana version are you using?
Thank you for the tip, I wasn't aware of this debugging feature. Unfortunately, it made me realize someone added a time filter on another slide (we are a few people working on the same canvas), and it applied to my requests... So there is actually no problem. Again, thank you both for your help!