I want to display a graph of the EPS in kibana.
But, it displays a graph every 30 seconds over 1 hour that I defined.
While I have set by second.
Is there a possibility for it to display per second?
Thanks for your help
Below the capture
Kibana tries to prevent you from making extremely slow queries, so the main way to get a smaller time range is to zoom into a smaller time window.
It is possible to increase the histogram:maxBars advanced Kibana setting to change the behavior here. This affects all date histograms in Kibana.
If you want to build a custom query that uses an exact interval, you will have to use Vega.
If the exact number per second interval is not important and you just want to scale the y axis accordingly, another option to what Wylie wrote is to use TSVB and a "math" aggregation, dividing by params._interval which is the "width" of each bar in milliseconds:
This will give you the average count per second for each 30 second block.
1 Like
We cannot set to display EPS.
If it is possible, can you show me?
We've suggested 3 workarounds to your issue, have you tried these?
I increased the histogram: maxBars. But, I would like to have only one EPS over a period of time. Which is not the case.
I can't see anything in my graph.
What do you mean by "only one EPS over a period of time". Can you explain:
- What is your goal, as specifically as possible?
- What have you tried so far?
- What does your data look like in Elasticsearch?
- The goal for me is to filter for example on an interval of 24 hours. And then display for example that the EPS is equal to 300 in a table for example or on a graph.
- I tried to display on a graph and in a table. But, it displays details that vary every second of the 24 hour interval.
Like this:
3. My data looks like this:
<189>timestamp=1611418837 devname="DCL0001FW" devid="FG100FTK20004077" vd="VPN-PARTNER" date=2021-01-23 time=17:20:37 logid="0000000013" type="traffic" subtype="forward" level="notice" eventtime=1611418837682800503 tz="+0100" srcip=10.226.32.16 srcport=60166 srcintf="To-GCP" srcintfrole="undefined" dstip=10.2.26.51 dstport=80 dstintf="To-KLGRP_PRD" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=2602487300 proto=6 action="close" policyid=246 policytype="policy" poluuid="76391d82-299a-51eb-1a72-b3bda661976d" policyname="KLEEGROUP_PRD-5" service="HTTP" trandisp="snat" transip=192.168.131.117 transport=60166 duration=2 sentbyte=633 rcvdbyte=487 sentpkt=6 rcvdpkt=6 vpn="To-KLGRP_PRD" vpntype="ipsec-static" appcat="unscanned"
Okay, I understand that you want to calculate "Events per second" across a time range of 24 hours. I think your best bet is to use TSVB, like Joe previous suggested. Open TSVB, then:
- Go to Panel Options > Index pattern and choose the right index pattern
- Go back to Data and configure Count, then Math, then type
params.count / params._interval * 1000 - You'll start seeing average values per second
- Switch to Metric to reduce this to a single number
- Important: Go back to Panel Options > Data timerange mode > Entire time range
Thank you so much. That's what I wanted.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.