Trying to figure our the correct syntax to reference nested fields in timelion. For example, using the Marvel index, how would you plot node_stats.indices.docs.count? This expression, .es(index='.marvel-es-1-*',metric='avg:node_stats.indices.docs.count'), does not plot any data. The field type is a number.
That looks right, thought I'm not well versed in Timelion so there may be a slight syntax issue I'm not seeing. Before I go digging, are you sure you have access to the index? You can check by hitting the cluster with a _search, like:
http://hostname:9200/.marvel-es-1-*/_search
Assuming that your cluster accessible from hostname on port 9200. If you get results back, then it's not an access problem.
It does have access, _search returns all the data. Also, I can visualize the data with standard kibana graphs. I've used timelion for some of our other indices and the same expressions I have tried work for fields that are not nested, so that's the only thing that seems different.
I have this same problem with the .marvel-es-* indices. I can get nested fields out of other indices but it seems to me that Timelion can't cope with the dot in ".marvel-es-*"
Kurt, I could reproduce that as well, and it seems to be a bug. I filed https://github.com/elastic/kibana/issues/9983
Hi Tim,
I have the solution now (got it from our support).
Marvel stores it's timestamp in the field "timestamp" instead of "@timestamp". You have to add in the Timelion query "timefield=timestamp" and it should work.