Need to perform aggregation, delta/percentage comparison and plot, is this possible in Kibana?

Elastic Stack Kibana
1

Hey guys, I need some help with a Kibana visualization i'm putting together. I would like to perform an aggregation and comparison in a very specific way and I'm not sure if its possible with Kibana or not. Any help would be appreciated.

So on to the problem.
Lets say I have an index called "user-logged-in-time" with documents like this:

{ 
"user_id" : 82342, 
"time_spent_in_application" : 112, 
"date" : "2017-01-18"
}

Lets say I have thousands of users and my application has been live for 10 years resulting in tonnes of data points like the one above.

I would now like to create a visualisation which tells me, which specific users have increased their time spent in the application the most over each year.

In my head, the way this would work is, I would aggregate the total time spent per year per user. Then I would calculate the percentage increases between one year and the next(per user), and then somehow plot the users with their respective percentage increases, ordered by percentage increase.

I hope I made sense.

If percentages aren't available in Kibana, even deltas would work i think.

Is this something thats possible with Kibana 4.x or even 5? is TimeLion able to do this?

Best regards,
am87

2

That kind of pipeline aggregation with derivative metric isn't available in Kibana yet. You could try doing it in a raw Elasticsearch query then plugging the results into some other visualization library.

Timelion wouldn't be able to do it since you want to aggregate on user IDs. It's more for time-based data where you want to take metrics attributed to consistent timestamps through various functions.

3

Thanks @tsullivan. I actually found a way to do it(to some extent) using TimeLion, by transposing all data points from older years onto the latest year and then subtracting them to calculate the difference and then percentage increases. The main blocker was that TimeLion does not allow you to subtract collections of timeseries from another colletions of time series i.e timeseries already split on something.

Anyway, thanks for all your help

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.