TSVB values summarized with large numbers?

Elastic Stack Kibana
1

Hello.

I've been playing with TSVB and noticing something weird. I'm sending SNMP counters to Logstash which is converting the counter to a float and storing to ES in a field called "metric". This seems to visualize fine when the value of "metric" is small-ish. But when the counter goes beyond a certain point it seems to start averaging to the same value at every data point.

Raw values in discover:

image
image.png453×515 5.78 KB

Wrong values in TSVB (shown in markdown for clarity but creates a flat TS chart):
image

Same test on a device with a lower base counter value...

Discover:

image
image.png465×507 7.06 KB

TSVB:
image

Is there a precision value or something I'm missing to get the correct values on these?

Thanks!

2

hi @slashdoom,

thx for the question.

What you see is expected behavior really.

what you see in the Discover page are the raw values of the individual documents. In TSVB, you see the result of a query against the data. ldYour data in TSVB, in your example, is grouped by five minutes, and the value is an aggregation (e.g. average, min, max, ...). If you go to the 'Data' panel, you should see the aggregation that is being applied.

If you want to see 'raw' values for individual documents, you can do a Term group-by, where the term is a unique identifier of the document.

3

Hey Thomas. Thanks for taking the time to reply. I should have included more info. Here are screenshots of the Data > Metrics and Data > Options settings for the example that seems wrong to me...

image
image.png2012×317 8.92 KB

image
image.png2025×418 18.2 KB

My thinking was that since I have a filter and a 5m interval configured that I should get an increasing value per 5m just like the second example. (Though it might not exactly match the raw values in Discover due to aggregation as you mentioned.) I'm I still misunderstanding?

Thanks again!

4

hi @slashdoom,

interesting.

Without having access to your data, it's difficult to reproduce, but can you try the following?

  1. instead of setting the filter as a 'Filter' in the group by, can you make it a panel filter. e.g.:

image
image.png1062×336 21.3 KB

Do "Group by" everything in the markdown

  1. can you also try naming your variables, and then when you cycle, access it by variable name.

image
image.png1053×296 12.3 KB 

{{#each foobar.thing.data.formatted}}
 - {{[0]}}, {{[1]}}
{{/each}}

I am curious to see if you get the exact same behavior and values in the output, or not.

thx,

5

Still looks like I'm getting the same value at each point with the changes you recommended...

image
image
image

image
image.png1133×286 23.7 KB

image
image.png896×512 20.1 KB

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.