Plot stacked series in Canvas from filebeat

Hi there,

I'm pushing data from a Raspberry Pi to Kibana via filebeat. Data are sent as UDP messages in a JSON format. One of the fields in JSON is called phys_stats and contains three sub-fields which I would like to group in my canvas plots (one is raw data and the other two are some averaging filters of the raw data).

In Canvas I try the following code (partly adopted from this topic)

essql
  query="SELECT \"payload.phys_stats.current\" AS current, \"payload.phys_stats.sma\" AS sma, \"payload.phys_stats.double_sma\" AS double_sma, \"@timestamp\" AS timestamp FROM \"filebeat-*\" ORDER BY timestamp DESC"
| ply 
              string "data_type, value
                     " "current," {getCell "current"} "
                     " "sma," {getCell "sma"} "
                     " "double_sma," {getCell "double_sma"}
| alterColumn "value" type="number"
| alterColumn column="timestamp" type="date"
| pointseries x="timestamp" y="value" color="data_type"
| plot defaultStyle={seriesStyle lines=2 stack=1 fill=0} 
  palette={palette "#01A4A4" "#CC6666" "#D0D102" "#616161" "#00A1CB" "#32742C" "#F18D05" "#113F8C" "#61AE24" "#D70060" gradient=false} 
  font={font family="'Open Sans', Helvetica, Arial, sans-serif" size=11 align="left" color="#000000" weight="normal" underline=false italic=false} legend="nw"
| render containerStyle={containerStyle opacity="1" border=" none "}

I perform an SQL query to fetch my data (current, sma, double_sma) and I use ply to kinda convert my data to a new format and assign a new type for the data types. I was hoping that this could be used in the color assignment to generate my stacked plot. It doesn't work. Any ideas?

Could you provide an example of one of your documents as well as the result you get in Canvas from the current expression? Could you also provide the result of the expression up until right before the pointseries function?

Hi Lukas,

Sorry for not getting back promptly. In the meantime, I solved the issue in a different way:

timelion query=".es(index=filebeat-*, timefield='@timestamp', metric='avg:payload.phys_stats.current').label('Current (mA)'), .es(index=filebeat-*, timefield='@timestamp', metric='avg:payload.phys_stats.sma').label('Mov. Avg'), .es(index=filebeat-*, timefield='@timestamp', metric='avg:payload.phys_stats.double_sma').label('Mov. Avg (2nd deg.)')" from="now-15m" to="now"
| pointseries x="@timestamp" y="mean(value)" color="label"
| plot defaultStyle={seriesStyle lines="1" fill=0}
font={font family="Arial, sans-serif" size=16 align="left" color="#FFFFFF" weight="normal" underline=false italic=false} legend="ne"
seriesStyle={seriesStyle stack=1 label="Current (mA)" color="#FF9910" lines="1" fill="1"}
seriesStyle={seriesStyle stack=2 label="Mov. Avg" color="#FFFB00" lines="3"}
seriesStyle={seriesStyle stack=3 label="Mov. Avg (2nd deg.)" color="#00C9FF" lines="5" points="0"}
| render containerStyle={containerStyle}

Fortunately, Timelion offers a bit more flexibility I think, since it allows me to create 3 sub-queries in one query - which I think the SQL format does not currently support.
