Hello. I am trying to work in Timelion to show the total number of events received per day (24hour period). Instead, I keep getting the totals growing each day. I have included the "interval=24h" option. Is there a way to have it show the totals each day? I'm new to this and trying to learn as I go.
Thank you in advance for any comments, suggestions, or examples you share.
Thanks Vadim. Here is the expression:
.es(index=data-leakage*,metric=count,interval=24h,split=data_type.keyword:40,q="NOT data_type:GeneralStatus").label(regex="^.* > data_type.keyword:(\S+) > .*",label="$1").lines(fill=1,width=1).color(blue).title('Data Leakage - # of Records').legend(columns=4,position=nw)
The interval=24h parameter itself should not start accumulating the data, at least when I tried it.
I've looked at your Timelion expression and I cannot see anything that should make it accumulate the data. But there is one trick you can do: you can create two time series offset by one day, and compute the difference between them. Something like this:
es(..., interval=24h).subtract(
es(..., interval=24h, offset=-1d)
)This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.