Timelion Visualization

shrutip · April 19, 2019, 1:05am

Hi,
my requirement is to make a timelion .
I need to count records group by two fields and with two where condition

Metric is count (where field1 = value1 and field2 = value2)
group by - terms field1
then by - date histogram @timestamp.

Thanks

joshdover · April 19, 2019, 9:33pm

Hi there!

I think the .es() function has all of what you need to do this. You should be able to do something similar to:

.es(q="+field1:'val1' +field2:'val2'", split=field3:10, timefield=@timestamp)

q is Lucene query syntax
split will do a term aggregation on the specified field up to "10" top terms
timefiled allows you to specify which column to use for the date histogram

Let me know if you need additional help!

system · May 17, 2019, 9:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TimeLion Query for adding in a field from index Kibana timelion	2	319	April 11, 2019
Timelion filter Kibana timelion	2	5734	March 20, 2017
Split in Timelion Kibana timelion	3	5455	August 5, 2017
Timelion aggregation- Possible with terms? Kibana timelion	3	5746	September 21, 2017
Timelion feature Kibana timelion	4	418	April 9, 2018

Timelion Visualization

Related topics