Hi Team,
I'm trying to create a timelion visualisation for the delta of the 'logstash_stats.events.out' field from the system index .monitoring-logstash*. The problem is that nothing is displayed for this index when I create the visualisation.
If i use this query which seems fairly simple, I get no data
.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp')
The query I'm trying to get working eventually is
.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp',).subtract(.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp', offset='-1m'))
Is this a limitation of Kibana not being able to use the system index in the timelion or am I doing something wrong?
Thanks
Jason