Hi
Is it possible to draw line chart from field values ? I want to plot following two fields -
error:1, time: 17/11/13-13:28:21.247
error:0, time: 18/11/13-13:28:21.247
error:1, time: 19/11/13-13:28:21.247
error:0, time: 20/11/13-13:28:21.247
error:0, time: 21/11/13-13:28:21.247
time in X-axis and error filed value which is either 1 or 0 in the Y-axis.
Hi
Max(error) aggregation in Y-axis and Date Histogram @timestamp has plotted the values in the line chart but this is without time field from the event.
but this is without time field from the event.
Sounds like you have multiple time fields? Is that correct? You have an @timestamp field and then another time field that you have shown in the first post? So when you created your line chart, you used the @timestamp field, but you want to use the time field?
Does the time field not show up as an option for the Date Histogram? Perhaps it was not indexed as a time field? You can double check this under Management > Index Patterns to see what type the time field has been indexed as.
Yes, The time filed was in string format, so need to convert it in timestamp format using date filter.
date {
match => [ "dtimestamp", "yy/MM/dd-HH:mm:ss.SSS" ]
target => "dt"
}
After that i can choose the new filed "dt" in X-axis (datetime histogram) and max(error) in Y-axis.
Regards
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.