Hello ,
i am using timelion of kibana but this error appear
{"type":"incompleteFunction","function":"es","location":{"min":8,"max":11},"text":".es"}
this the query i wrote
.es(*),.es(index='transaction",timefield="transaction_date", metric="cardinality:customer_name").substract(.es(index="transaction",metric="cardinality:customer_name",offset ="-1M"))
It looks like you're missing the timefield=“transaction_date” from the .subtract(.es()) part.
You have;
.es(*),.es(index='transaction",timefield=“transaction_date”, metric=“cardinality:customer_name”).substract(.es(index=“transaction”,metric=“cardinality:customer_name”,offset ="-1M"))
but should be;
.es(*),.es(index='transaction",timefield=“transaction_date”, metric=“cardinality:customer_name”).substract(.es(index=“transaction”,timefield=“transaction_date”,metric=“cardinality:customer_name”,offset ="-1M"))thank you for your reply
i tryed it but the same error appear
SyntaxError: {"type":"incompleteFunction","function":"es","location":{"min":101,"max":104},"text":".es"}
at peg$buildException (eval at compile (/opt/kibana-5.5.0-linux-x86_64/node_modules/pegjs/lib/compiler.js:54:37), :363:14)
I think between copy/pasting in this thread a bunch of the single quotes have been replaced with double-quotes and smart-quotes. When you're trying it I think you should be using single quotes everywhere. Let me know if that fixes it.
With my data I was able to use this expression;
.es(index='metricbeat-*',metric='cardinality:metricset.name').subtract(.es(index='metricbeat-*',metric='cardinality:metricset.name',offset ='-9m'))
Another thought is to break down you expression so that you can test each part. For example, the .es() block inside the .subtract() does that work by itself?
thank you for your reply
it worked but i didn't understand why timelion series of kibana always give me null results or nothing at all even if there is no error and when i add .points() function it only gives one point
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
