Percentage difference over two different periods

Thomas74 · September 8, 2020, 8:00am

Hi,

I would like to see how I receive specifics logs during two periods :

Current month
Current month - 1

The goal is to see the difference, in percentage, between them. For example, this month we increased log integration by 20% from last month.

I tried with timelion and TSVB but with no success

Math integration could be a good idea but I don't know how to get params metrics from antoher bucket.

Is someone can guide me ?

Best regards,

Thomas R.

wylie · September 10, 2020, 8:04pm

This type of use case is harder than it sounds in Kibana for the reasons you found- it requires math across buckets. It's also difficult because of the global time filter which intersects with any buckets. When I have this kind of problem I write a Vega visualization from this template:

{
  "$schema": "https://vega.github.io/schema/vega-lite/v4.json",
  "data": {
    "url": {
      "index": "metricbeat-*",
      "body": {
        "aggs": {
          "f": {
            "filters": {
              "filters": {
                "current": {
                  "range": { "@timestamp": { "%timefilter%": true } }
                },
                "previous": {
                  "range": {
                    "@timestamp": {
                      "%timefilter%": true, "shift": -4, "unit": "week"
                    }
                  }
                }
              }
            }
          }
        },
        "size": 0
      }
    },
    "format": {
      "type": "json",
      "property": "aggregations.f.buckets"
    },
  }
  
  "transform": [
    {
      "calculate": "if (datum.previous.doc_count, datum.current.doc_count / datum.previous.doc_count, null)",
      "as": "percent_diff"
    }
  ]
  
  "vconcat": [
    {
      "title": "Percent change from 4 weeks ago"
      "width": "container"
      height: 40
      "mark": "text",
      "encoding": {
        "text": {
          "field": "percent_diff"
          "format": "0.2%"
        },
        "size": { value: 32 },
        "align": { "value": "center" },
      }
    },
    {
      "title": "Current value"
      "width": "container"
      "mark": "text",
      "encoding": {
        "text": {
          field: "current.doc_count",
          format: ","
        },
        "fill": { "value": "black" },
        "fontWeight": { "value": "bold" },
        "align": { "value": "center" },
      }
    }

  ],
}

Thomas74 · September 11, 2020, 9:32am

Thanks I will test it I never used vega visualization. It seems interesting too.

system · October 9, 2020, 9:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.