All I'm looking to do is create a line visualization where the 5_sec_eps field displays its values. 5_sec_eps on the Y axis and time on the bottom. That's all I need, thank you.
Hi, there is an excellent article written by a former Kibana contributor that explains how to add a scatterplot visualization: Scatterplot in Kibana using Vega » Tim Roes
The Kibana tool to achieve this is Vega, the documentation is here: Vega | Kibana Guide [8.8] | Elastic
Tim,
Thank you for the reply. I'll look through this today and also work on getting the data in correctly. The numbers may be being stored as a string which may be why I've been having such a hard time getting a basic dashboard to populate. I'm going to look at turning these into integers instead of a string if that actually is the problem.
Ryan
Tim,
I've got the ingest pipeline changing the value for 5_sec_eps from a string to a float with the convert processor. I've also been able to build a Vega (Lite?) visualization but can't figure out how to get the data displayed correctly. The goal is to display the eps values for each of the DLCs we have in a line chart. The issue I'm hitting is that it's displaying a literal straight line (see image).
Code so far:
{
  "$schema": "https://vega.github.io/schema/vega-lite/v2.json",
  "mark": "line",
  "data": {
    "url": {
      "%context%": true,
      "%timefield%": "@timestamp",
      "index": "lab-dlc-eps-data",
      "body": {
        "size": 10000,
        "_source": ["@timestamp", "5_sec_eps", "kubernetes.pod.name"]
      }
    },
    "format": {"property": "hits.hits"}
  },
  "transform": [
    {
      "calculate": "toDate(datum._source['@timestamp'])",
      "as": "time"
    }
  ],
  "encoding": {
    "x": {
      "field": "_source.kubernetes.pod.name",
      "type": "nominal",
      "axis": {
        "title": "Pod Name"
      }
    },
    "y": {
      "field": "_source.5_sec_eps",
      "type": "quantitative",
      "axis": {
        "title": "5 Sec EPS"
      }
    }
  }
}
Hi @Ryan_Downey, why not use Lens for your case? Vega is not a trivial solution and needs some time to master.
You mention you want a line visualization, so I understand you have one value of 5_sec_eps per time interval, or you are OK with doing an aggregation if there is more than one data point.
Just to compare, I created a simple Vega line chart from the Kibana Flights data sample with the following definition:
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "title": "Ticket prices at Kibana Sample Data Flights",
  "data": {
    "url": {
      "%context%": true,
      "%timefield%": "timestamp",
      "index": "kibana_sample_data_flights",
      "body": {
        "aggs": {
          "time_buckets": {
            "date_histogram": {
              "field": "timestamp",
              "interval": {"%autointerval%": true},
              "time_zone": "Europe/Madrid",
              "extended_bounds": {
                "min": {"%timefilter%": "min"},
                "max": {"%timefilter%": "max"}
              },
              "min_doc_count": 0
            },
            "aggs": {"avg_avgticketprice": {"avg": {"field": "AvgTicketPrice"}}}
          }
        },
        "size": 0
      }
    },
    "format": {"property": "aggregations.time_buckets.buckets"}
  },
  "mark": "line",
  "encoding": {
    "x": {"field": "key", "type": "temporal", "axis": {"title": false}},
    "y": {
      "field": "avg_avgticketprice.value",
      "type": "quantitative",
      "axis": {"title": "Average of AvgTicketPrice"}
    }
  }
}
This chart does not have any interactivity, tooltips, etc.
Showing it alongside the Lens chart you can see how Lens does a way better job so I'd suggest only going to Vega when there's no other choice.
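An added example, not posted by anyone in this thread: the raw-hits spec from the question with its computed `time` field placed on a temporal x axis and one line per pod, where the question's spec computes `time` but encodes the pod name on x. It assumes `_source` holds `kubernetes.pod.name` as nested objects; the `eps` and `pod` field names are introduced here, and `toNumber` covers documents where `5_sec_eps` is still stored as a string.

```json
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "description": "Added example, not from the thread. Assumes _source.kubernetes.pod.name is a nested object path; eps and pod are names made up for this spec.",
  "title": "5 Sec EPS per pod",
  "data": {
    "url": {
      "%context%": true,
      "%timefield%": "@timestamp",
      "index": "lab-dlc-eps-data",
      "body": {
        "size": 10000,
        "_source": ["@timestamp", "5_sec_eps", "kubernetes.pod.name"]
      }
    },
    "format": {"property": "hits.hits"}
  },
  "transform": [
    {"calculate": "toDate(datum._source['@timestamp'])", "as": "time"},
    {"calculate": "toNumber(datum._source['5_sec_eps'])", "as": "eps"},
    {"calculate": "datum._source.kubernetes.pod.name", "as": "pod"},
    {"filter": "isValid(datum.eps)"}
  ],
  "mark": "line",
  "encoding": {
    "x": {"field": "time", "type": "temporal", "axis": {"title": false}},
    "y": {"field": "eps", "type": "quantitative", "axis": {"title": "5 Sec EPS"}},
    "color": {"field": "pod", "type": "nominal", "title": "Pod Name"}
  }
}
```

The `filter` step drops hits where `5_sec_eps` is missing or not parseable as a number, so they do not break the line.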
@jsanz Thank you for the in-depth response. I would much prefer to use Lens if it's the easiest, most efficient route to go. I just haven't had much luck getting the visualization to display what I need, so all options were on the table. I'll work through your example today and see where I can get my visualization to.
Thanks for the input, Jorge! I probably misunderstood the original topic by proposing a scatter plot chart - sorry about that!
If a line chart suits the use case, using Lens is definitely the way to go.
@tsullivan No worries! I appreciate both of you helping out. Trying to work through the process here. To give more of an idea as to what's going on here, we're ingesting data, using a grok pattern to pull the events per second (eps) values out of the message field and then converting them to a float since they were initially being stored as a string. I thought this would be a pretty easy drag and drop process but I'm hitting the Elastic learning curve.
@jsanz @tsullivan After working through all of the steps and still having some difficulty, I've taken a step back to make sure that the data I'm working with is organized correctly first. This may be the underlying problem, so I have a ticket open with support but also started a discussion thread called "Convert message into eps data and create a visualization" as well. Thanks for the help and I'll post here if I get this sorted out and the visualization set up.