Simple plotting example

I am trying to plot a simple X and Y line chart with Kibana. However, it doesn't do what I need it to do and I don't know how to do it. Please help.

e.g. csv file I am sending to ES.

{
"message" => "1488466235.39,2017-03-02 06:02:34.695,821",
"@version" => "1",
"@timestamp" => "2017-03-30T22:48:06.125Z",
"path" => "/home/abi/TOTAL_FD_mp.csv",
"host" => "abi",
"type" => "csv",
"time/s" => "1488466235.39",
"date and time" => "2017-03-02 06:02:34.695",
"open FDs" => "821"
}
{
"message" => "1488466415.404,2017-03-02 06:02:34.702,854",
"@version" => "1",
"@timestamp" => "2017-03-30T22:48:06.125Z",
"path" => "/home/abi/TOTAL_FD_mp.csv",
"host" => "abi",
"type" => "csv",
"time/s" => "1488466415.404",
"date and time" => "2017-03-02 06:02:34.702",
"open FDs" => "854"
}

I see that logs are ingested into ES on my Kibana Discover page. All I want to do is plot a line chart like:

Y axis with "open FDs" and X axis with "timestamp".

How do I do it?

It sounds like you want a line chart visualization. I'm not sure what you tried but here's an example.

But Kibana visualizations don't generally plot individual doc values. They use aggregations like Count, Average, Min, Max, etc. But if your number of data points is small and spread out across time, you may get the individual values.

In my example below I select the Average system.process.id for the Y-Axis metric, and Date Histogram of @timestamp for the X-Axis.

But as you can see by the X-Axis legend, it's giving me the 5 minute average for each point on the line.

I can click in the chart (not on a point) and drag to zoom in to a smaller time frame, but even if I do that in my case down to millisecond scale, I still have multiple data points getting averaged.
If I then go back to the Discover tab, keeping the same time scale, I can see that indeed I did have 128 hits (documents with the same timestamp).

So you might get a plot of individual points, or you might get some aggregation of your data.

Regards,
Lee

Thanks LeeDr for the pointers. Just like the example you showed, in my case I want to do the Y-axis as "open FDs". If I choose the Y-axis Aggregation as Max/Min/Average, I don't see "open FDs" in the Field dropdown.

The "open FDs" show up as string but I did convert them to "integer". What do I need to do for this "open FDs" field to populate in either of Max/Min/Average?

Thanks for the help.

I was able to solve this issue by converting the string to integer type (using mutate), which solved my issue. Thanks.
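A Logstash pipeline along the lines of the fix described in the thread, as an added example that is not the poster's actual configuration. The column names and file path come from the sample events above; the Elasticsearch host, the index name and the `date` filter (which puts each sample's own time into `@timestamp` instead of the ingest time) are assumptions.

```logstash
input {
  file {
    path => "/home/abi/TOTAL_FD_mp.csv"
    start_position => "beginning"   # assumption: read the file from the top
    type => "csv"
  }
}

filter {
  csv {
    separator => ","
    # Column names as they appear in the sample events in the thread
    columns => ["time/s", "date and time", "open FDs"]
  }

  # Assumption, not stated in the thread: use the epoch seconds in "time/s"
  # as the event time, so the Date Histogram on @timestamp reflects when the
  # sample was taken rather than when Logstash read the line.
  date {
    match => ["time/s", "UNIX"]
  }

  # The fix from the thread: the csv filter emits strings, and Kibana only
  # offers numeric fields for Max/Min/Average, so convert explicitly.
  mutate {
    convert => {
      "open FDs" => "integer"
      "time/s"   => "float"
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]       # assumption: local single node
    index => "fd-metrics-%{+YYYY.MM.dd}"   # hypothetical index name
  }
}
```

An index that already mapped "open FDs" as a string keeps that mapping, so the converted data has to go to a new index (or the old one has to be deleted and reloaded), and the field list of the Kibana index pattern has to be refreshed before the field shows up under Max/Min/Average.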
