Hi,
I would like to see how I receive specifics logs during two periods :
The goal is to see the difference, in percentage, between them. For example, this month we increased log integration by 20% from last month.
I tried with timelion and TSVB but with no success 
Math integration could be a good idea but I don't know how to get params metrics from antoher bucket.
Is someone can guide me ?
Best regards,
Thomas R.
This type of use case is harder than it sounds in Kibana for the reasons you found- it requires math across buckets. It's also difficult because of the global time filter which intersects with any buckets. When I have this kind of problem I write a Vega visualization from this template:
{
"$schema": "https://vega.github.io/schema/vega-lite/v4.json",
"data": {
"url": {
"index": "metricbeat-*",
"body": {
"aggs": {
"f": {
"filters": {
"filters": {
"current": {
"range": { "@timestamp": { "%timefilter%": true } }
},
"previous": {
"range": {
"@timestamp": {
"%timefilter%": true, "shift": -4, "unit": "week"
}
}
}
}
}
}
},
"size": 0
}
},
"format": {
"type": "json",
"property": "aggregations.f.buckets"
},
}
"transform": [
{
"calculate": "if (datum.previous.doc_count, datum.current.doc_count / datum.previous.doc_count, null)",
"as": "percent_diff"
}
]
"vconcat": [
{
"title": "Percent change from 4 weeks ago"
"width": "container"
height: 40
"mark": "text",
"encoding": {
"text": {
"field": "percent_diff"
"format": "0.2%"
},
"size": { value: 32 },
"align": { "value": "center" },
}
},
{
"title": "Current value"
"width": "container"
"mark": "text",
"encoding": {
"text": {
field: "current.doc_count",
format: ","
},
"fill": { "value": "black" },
"fontWeight": { "value": "bold" },
"align": { "value": "center" },
}
}
],
}
Thanks I will test it 
I never used vega visualization. It seems interesting too.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.