Timelion and watcher

Hey,

Is it possible to combine timelion and watcher in some way?
Do timelion store its result in an index, so that we can create a watcher from that?
Can you use timelion as a language in JSON queries/scripts?

Because we would like to create a watcher on the change from day to day on some of our values so that if the change is too big it will trigger the watcher.


Hello, sorry that I will speak not about Timelion but about Watcher. Maybe it will help you.

I've a watcher that compares some stats for the previous hour vs the last hour. I use something like below (but it is easy to check different periods etc.):

  "input": {
    "chain": {
      "inputs": [
        {
          "first": {
            "search": {
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "name_of_indices*"
                ],
                "types": [
                  "events"
                ],
                "body": {
                  "size": 0,
                  "_source": {
                    "excludes": []
                  },
                  "aggs": {
                    "err": {
                      "date_histogram": {
                        "field": "@timestamp",
                        "interval": "1h",
                        "time_zone": "UTC",
                        "min_doc_count": 1
                      }
                    }
                  },
                  "stored_fields": [
                    "*"
                  ],
                  "script_fields": {},
                  "docvalue_fields": [
                    "@timestamp",
                    "time"
                  ],
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "query_string": {
                            "analyze_wildcard": true,
                            "default_field": "*",
                            "query": "*"
                          }
                        },
                        {
                          "range": {
                            "@timestamp": {
                              "gte": "now-1h",
                              "lte": "now"
                            }
                          }
                        }
                      ]
                    }
                  }
                }
              }
            }
          }
        },
        {
          "second": {
            "search": {
              "request": {
                "search_type": "query_then_fetch",
                "indices": [
                  "name_of_indices*"
                ],
                "types": [
                  "events"
                ],
                "body": {
                  "size": 0,
                  "_source": {
                    "excludes": []
                  },
                  "aggs": {
                    "err": {
                      "date_histogram": {
                        "field": "@timestamp",
                        "interval": "1h",
                        "time_zone": "UTC",
                        "min_doc_count": 1
                      }
                    }
                  },
                  "stored_fields": [
                    "*"
                  ],
                  "script_fields": {},
                  "docvalue_fields": [
                    "@timestamp",
                    "time"
                  ],
                  "query": {
                    "bool": {
                      "must": [
                        {
                          "query_string": {
                            "analyze_wildcard": true,
                            "default_field": "*",
                            "query": "*"
                          }
                        },
                        {
                          "range": {
                            "@timestamp": {
                              "gte": "now-2h",
                              "lte": "now-1h"
                            }
                          }
                        }
                      ]
                    }
                  }
                }
              }
            }
          }
        }
      ]
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.second.hits.total ==0 || ctx.payload.first.hits.total==0) return false; if (ctx.payload.first.hits.total/ctx.payload.second.hits.total >=3) return true; return false",
      "lang": "painless"
    }
  },
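To tie the two halves of this thread together, here is a complete watch that does what the original question asks for (a day-over-day comparison) using the same chain-input pattern as the hour-over-hour watch above. This is an added example, not code from the thread or from Elastic's documentation; the index pattern `name_of_indices*`, the 00:30 schedule and the 50% threshold (`max_change`) are assumptions, recorded in the watch's `metadata` so they travel with the definition.

```json
{
  "metadata": {
    "note": "Added example, not from the thread. Index pattern, schedule and max_change threshold are assumed values; adjust to your data."
  },
  "trigger": {
    "schedule": { "daily": { "at": "00:30" } }
  },
  "input": {
    "chain": {
      "inputs": [
        {
          "last_day": {
            "search": {
              "request": {
                "indices": [ "name_of_indices*" ],
                "body": {
                  "size": 0,
                  "query": {
                    "range": {
                      "@timestamp": { "gte": "now-1d/d", "lt": "now/d" }
                    }
                  }
                }
              }
            }
          }
        },
        {
          "prior_day": {
            "search": {
              "request": {
                "indices": [ "name_of_indices*" ],
                "body": {
                  "size": 0,
                  "query": {
                    "range": {
                      "@timestamp": { "gte": "now-2d/d", "lt": "now-1d/d" }
                    }
                  }
                }
              }
            }
          }
        }
      ]
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "params": { "max_change": 0.5 },
      "source": "def a = ctx.payload.last_day.hits.total; def b = ctx.payload.prior_day.hits.total; if (a == 0 || b == 0) { return false; } double change = Math.abs((double) a - (double) b) / (double) b; return change > params.max_change;"
    }
  },
  "actions": {
    "log_change": {
      "logging": {
        "text": "Daily event count changed from {{ctx.payload.prior_day.hits.total}} to {{ctx.payload.last_day.hits.total}}"
      }
    }
  }
}
```

Two details differ from the hourly watch on purpose. The `now-1d/d` / `now/d` date math rounds to calendar-day boundaries, so both windows are whole days rather than a rolling 24 hours measured from whenever the watch fires. The condition casts the hit counts to `double` before dividing; the hourly script divides two integers, which silently truncates the ratio, and it only fires on an increase, whereas the absolute relative change here fires on a large drop as well (a sudden drop in events is often the more interesting signal, since it can mean a broken pipeline or a silenced log source). The zero guard is kept so that a day with no data does not produce a division by zero or a spurious alert.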

Hey,

Timelion is only available within Kibana and thus does not work with Watcher. If you are only accessing data from Elasticsearch, you could try and reproduce the Timelion query in an Elasticsearch query.

If you are accessing other data sources (or using certain functions that are not available but need to be rescripted in painless), it might be more tricky.

Sharing the concrete timelion expression would probably help a lot here.

--Alex
