Timelion for .monitoring-logstash index

jason_0 · August 6, 2020, 11:36pm

Hi Team,

I'm trying to create a timelion visualisation for the delta of the 'logstash_stats.events.out' field from the system index .monitoring-logstash*. The problem is that nothing is displayed for this index when I create the visualisation.

If i use this query which seems fairly simple, I get no data

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp')

The query I'm trying to get working eventually is

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp',).subtract(.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp', offset='-1m'))

Is this a limitation of Kibana not being able to use the system index in the timelion or am I doing something wrong?

Thanks
Jason

chrisronline · August 12, 2020, 3:02pm

The timefield should be just timestamp. Try that and see if it helps

system · September 9, 2020, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
View Timelion data for all indices Kibana timelion	6	500	December 13, 2019
Timelion shows 0 count Kibana timelion	4	2207	August 16, 2017
Timelion shows 0 count in .monotoring-* indices Elasticsearch	3	1824	July 17, 2017
Timelion es() metric: field data is disabled on text fields Kibana timelion	3	1213	December 12, 2017
TimeLion basic question Kibana timelion	4	801	January 31, 2017

Timelion for .monitoring-logstash index

Related topics