This looks exactly right to me, can you check your developer tools for the response from /metrics/vis/data? If the error is anything related to a null pointer exception I'm thinking it's a bug, https://github.com/elastic/elasticsearch/issues/27544.
When I try to use your example, I have this message only when I have a small number of samples in db. I increase it for test and it was OK. But, when I extend the query more close to what I need (meens derivative function) it returns me the same message:
Okay, as far as I can tell our best course is to plot this outside of TSVB then. Timelion is an option, and will crunch derivative and cumulative sum in the Kibana server avoiding the elasticsearch bug.
But when I use cusum() function, it not makes sense what I get for me. .es(index=spam-status-*, timefield=date, metric="max:actions.add header",split=hostname:20).derivative().cusum()
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.