I have logs containing signal strength that I want to plot. Only changes in signal strength are logged.
I would like to make a graph in timelion (or a normal line graph) that takes each value as is and plots them in a timeseries so I end up with a line showing each individual value.
However, if I do something like .es(EbNo:*) I end up with the count, which I don't want. $ebno_query='EbNo:*', .es($ebno_query,metric='avg:EbNo').fit(none) works better but I don't want averages.
I simply want to connect the dots between different values at different times (there will be only one value per timestamp). How can I do this?
Separate question 1: Is it also possible to define max. and min. values for one of the axes?
Separate question 2: Is it possible to continue drawing a line from the last known value? E.g. the last log entry was EbNo 5 at 12:00 but my dashboard is showing from 11:00 until 14:00. Can the line from 12:00 until 14:00 show EbNo 5?
In Kibana, only the Discover tab shows individual documents.
All production Visualizations show aggregated data.
The only trick to this is that if you're showing some aggregation such as Max, you may be able to use small enough time buckets (intervals) so that each bucket only contains 1 doc value. In this case you do get the individual values. There are limits to how many buckets Kibana will create for an aggregation. So large timespans (like a month or more) with very small intervals (like milliseconds) probably won't work. If you ever have multiple data points with the exact same timestamp this also won't work.
But there is also an experimental feature called Vega that can plot individual values. Keep in mind that this is very new in Kibana 6.2.0 (current release is 6.2.2). It might change drastically or even be removed in a future release. Use at your own risk!
@LeeDr, thanks. I did have a very quick look at Vega but that is too complicated for me at the moment.
My device is outputting data at random intervals but Logstash only accepts one value every 30 minutes so in most cases I'll have one document per ~30 minutes. Worst case there won't be any documents for hours/days if the equipment has some kind of failure.
The thing I don't understand is that even if I select max value, the graph returns values lower than the lowest value, no matter the interval. I get similar results in Timelion.
Shouldn't the max value along with something like a 5 minute interval create the graph I'm looking for?
Logstash can index data much more often than every 30 minutes. You might need to change your Logstash configuration if you're not getting your data loaded as you want.
Also, if you don't explicitly load a mapping for your index before you start loading data, Elasticsearch will create the data type automatically. And if the first document looks like an integer like 2 in your data, then additional data after that will get cast or coerced to an integer. That could be why it's only showing integer results. In the Kibana Dev Tools Console you can use something like GET myIndex/_mapping to see.
I configured Logstash to throttle messages, in this case I don't need the data more often.
I did make my own mapping, the EbNo is defined as a long.
"EbNo": {
"type": "long"
}
Is this the wrong field type? What would the best type be for this kind of data?
Edit: I've changed the field type to half_float and now it's working. Is this the best type for x.x like values? I assume negative values will work just as well?
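An added example, not part of the original thread: it compares what a `long` field and a `half_float` field would hold for the same fractional readings, which is the difference the mapping change above made. The sample readings and function names are constructed for illustration, and the `long` case assumes coercion simply truncates the fraction.

```python
import struct

# Constructed Eb/N0 readings in the "x.x" style discussed in the thread.
SAMPLES = [5.3, 7.8, -1.2, 9.6]

# Largest finite value an IEEE 754 binary16 (half_float) can represent.
HALF_FLOAT_MAX = 65504.0


def as_long(value):
    """Model a `long` field with coercion: the fractional part is dropped.

    Assumption: truncation toward zero, so 5.3 -> 5 and -1.2 -> -1.
    """
    return int(value)


def as_half_float(value):
    """Round-trip a value through binary16, the encoding behind half_float."""
    if abs(value) > HALF_FLOAT_MAX:
        raise ValueError("outside half_float range")
    return struct.unpack("<e", struct.pack("<e", value))[0]


def compare(samples):
    """Return (original, long value, half_float value, half_float error)."""
    rows = []
    for v in samples:
        h = as_half_float(v)
        rows.append((v, as_long(v), h, abs(h - v)))
    return rows


def max_seen_by_aggregation(samples, convert):
    """Max over the converted values, as a Max aggregation on the field would see."""
    return max(convert(v) for v in samples)


if __name__ == "__main__":
    for original, long_v, half_v, err in compare(SAMPLES):
        print(f"{original:6.1f}  long={long_v:3d}  half_float={half_v:.7f}  err={err:.7f}")
    print("max via long:      ", max_seen_by_aggregation(SAMPLES, as_long))
    print("max via half_float:", max_seen_by_aggregation(SAMPLES, as_half_float))
```

With these readings the `long` model reports a maximum of 9 for a true maximum of 9.6, while `half_float` keeps every reading correct to one decimal place, negative values included.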