Timelion query filter returning constant 0 results

I have an index with the following document structure:

"_source": {
    "installcreatedbyusername": "xxxx",
    "@timestamp": "2023-01-20T16:30:03.840332Z",
    "type": "aegis",
    "num_packages": 2,
    "num_environments": 14,
    "is_stage_only": true,
    "end_time": "2023-01-20T12:14:24.252083Z",
    "installisoutageconfirmed": true,
    "@version": "1",
    "changestatusname": "Finished",
    "install_id": 7005,
    "start_time": "2023-01-20T12:04:28.799086Z",
    "total_time_taken": 595.452997,
    "install_type": "NONPROD",
    "installname": "xxxxxxxx",
    "installissqlregenrequired": true,
    "installoutagetype": "xxxxxxxxx",
    "environment_names": "xxxxxxxxxx",
    "installcreateddatetime": "2023-01-20T12:04:28.797302Z"
  }

I am trying to generate a timelion graph for manual vs automated effort, and things appear to work, until I add in a query to start filtering my data.

My timelion queries (3rd is the one with the issue):

.es(index=aegis*,timefield=@timestamp,metric=cardinality:install_id,).multiply(50).divide(60).label("Engineer Time - NO Automation (hours)"),
.es(index=aegis*,timefield=@timestamp,metric=cardinality:install_id,).multiply(5).divide(60).label("Engineer Time - WITH Automation (hours)"),
.es(q='changestatusname: "Finished"', index=aegis*, timefield=@timestamp, metric=count:install_id).label('Finished Count')

Screenshot of my current results:

image1519×686 89.4 KB

You can see that the 'Finished Count' line is always zero, when I know that is incorrect. What am I doing wrong here?

In case this helps others, my index timefield was NOT @timestamp, so correcting to use the actual timefield fixed my issue.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.