Timelion for .monitoring-logstash index

jason_0 · August 6, 2020, 11:36pm

Hi Team,

I'm trying to create a timelion visualisation for the delta of the 'logstash_stats.events.out' field from the system index .monitoring-logstash*. The problem is that nothing is displayed for this index when I create the visualisation.

If i use this query which seems fairly simple, I get no data

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp')

The query I'm trying to get working eventually is

.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp',).subtract(.es(index='.monitoring-logstash*', metric='max:logstash_stats.events.out', timefield='@timestamp', offset='-1m'))

Is this a limitation of Kibana not being able to use the system index in the timelion or am I doing something wrong?

Thanks
Jason

chrisronline · August 12, 2020, 3:02pm

The timefield should be just timestamp. Try that and see if it helps

Topic		Replies	Views
Timelion shows 0 count Kibana timelion	4	2251	August 16, 2017
Timelion shows 0 count in .monotoring-* indices Elasticsearch	3	1847	July 17, 2017
TimeLion basic question Kibana timelion	4	838	January 31, 2017
Q="xxxx" not working on timelion when use metric Kibana	3	1842	January 16, 2017
Timelion es() metric: field data is disabled on text fields Kibana timelion	3	1250	December 12, 2017

Timelion for .monitoring-logstash index

Related topics