Stacked discovery timelines

In kibana 5, what's best way to set up multiple discovery timelines, ideally on top of each other so we can correlate events? Custom dashboard? Or does timelion do this better? i.e., apache access logs with a search pattern first, then under that our php error logs, then under those our fpm debug logs with it's own search pattern etc. Does anyone have screen caps they can share that show how to do this? Thanks.

It sounds like you just want to see multiple types of data, but over the same timeline. Is that correct? If so, the Dashboard is your best bet. You don't be able to overlay all that data on a single visualization, unless it's coming from the same data source. If it is, you simply split the bars/lines/etc using a terms agg on the log type.

If it's not, you'll have to create different visualizations for all the data you'd like to see, and then add them all to a single Dashboard. So, 1 vis for your apache logs, 1 for php, 1 for fpm, and then drop them all into a monitoring style dashboard.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.