With Kibana 3 I could create a graph and have multiple, unrelated queries as shown below:
Is there a way to achieve this with Kibana 4? Thank you.
We'll they are related 
You can do this a few ways, you can split the y-axis if you want to do it in KB, or you can also do it in TimeLion.
Ok fair In the screenshot I have two unique queries, one based on UDP, the other TCP. How do I have two separate searches or visualizations in one graph?
Looks like I had to go a layer up. So my search is just "conn" (connection log from bro-ids). Within that I then I choose split lines with filter 1 being udp, and filter 2 being tcp:
So eh...it's ok. Thanks Mark.
1 Like
Ok so here we go....I have two separate types from logstash:
type:snort type:conn
Both of these types have: src_ip, dst_ip, src_port, dst_port
So. I create a new Search: _exists_:src_ip and I can see both conn and snort in the Search. So far so good.
For the life of me I'm not able to get something like this:
This image contains the same two types, snort and conn. I've tried almost every combo of y-axis and x-axis, but no go. Is there a secret to getting something like the above? Sidenote, installed TimeLion...didn't understand it at all.
I'm probably missing something, but can't you just create a vertical bar chart from your saved search, then split bars by filters (and create filters for each of the queries, i.e. large responses, large send, etc.)?
1 Like
Thanks Lukas I will give that a try. Will that give me the Timeline I wonder? It'll have to wait until Monday 
I did the upgrade at home and ya...you are right that did work. I had to change my thinking on how I filter: