Timelion for .monitoring-logstash index

jason_0 · August 6, 2020, 11:36pm

Hi Team,

I'm trying to create a timelion visualisation for the delta of the 'logstash_stats.events.out' field from the system index .monitoring-logstash*. The problem is that nothing is displayed for this index when I create the visualisation.

If i use this query which seems fairly simple, I get no data

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp')

The query I'm trying to get working eventually is

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp',).subtract(.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp', offset='-1m'))

Is this a limitation of Kibana not being able to use the system index in the timelion or am I doing something wrong?

Thanks
Jason

chrisronline · August 12, 2020, 3:02pm

The timefield should be just timestamp. Try that and see if it helps

system · September 9, 2020, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
View Timelion data for all indices Kibana timelion	6	499	December 13, 2019
TimeLion basic question Kibana timelion	4	801	January 31, 2017
TimeLion Query for adding in a field from index Kibana timelion	2	318	April 11, 2019
Index not taken - Timelion Kibana timelion	8	2349	May 10, 2017
Timelion sees no documents Kibana	3	828	February 6, 2017

Timelion for .monitoring-logstash index

Related Topics