Visualization - compare data in a time range over days/weeks/months


(Anh) #1

Hi all,

I'm using ELK to store and graph Netflow data. I've created some line charts such as Flow over time, throughput over time, packets over time. What I need is to be able to compare data in a time range over days, weeks, or months.

For example, I want to see how many packets there were between 4pm and 5pm today compared to yesterday or other previous days of the week, and compare Monday's data to that of the previous Mondays.

The idea is to identify abnormal traffic based on Netflow throughput or packets over time. Let's say I'm looking at traffic for Thursday at 2pm. A high number of packets at 2pm does not necessarily mean abnormal traffic if the same number of packets occurred on Wednesday or Tuesday. A high value above the baseline is considered normal if it occurs during business hours or just because a program is scheduled to run at that time every day or every weekday.

I wonder if Kibana has this feature or will support it in the future, since it would be nice to create a baseline of data and then identify the outliers.

Thanks,
Anh
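
One way to do the comparison described in this post, as an added example that is not part of the thread and not Kibana's or Grafana's code: assuming the hourly packet counts have already been pulled out of Elasticsearch (a date_histogram aggregation would give them; the data below is constructed), each bucket is compared against the median of the same hour on the previous days, or of the same weekday in previous weeks, so a routine peak such as business hours or a nightly job is not flagged while a real departure is.

```python
from datetime import datetime, timedelta
from statistics import median

def same_hour_history(counts, when, days=7, weekly=False):
    """Packet counts at the same hour on earlier days (same weekday only when
    weekly=True).  counts maps an hour bucket (datetime) to packets; buckets
    missing from counts are skipped."""
    step = timedelta(days=7 if weekly else 1)
    return [counts[when - i * step] for i in range(1, days + 1)
            if (when - i * step) in counts]

def baseline_ratio(counts, when, days=7, weekly=False):
    """This bucket divided by the median of its history; None without history."""
    hist = same_hour_history(counts, when, days, weekly)
    if not hist or median(hist) == 0:
        return None
    return counts[when] / median(hist)

def is_outlier(counts, when, threshold=2.0, **kw):
    """Flag a bucket only when it is `threshold` times its own-hour baseline."""
    ratio = baseline_ratio(counts, when, **kw)
    return ratio is not None and ratio >= threshold

# Constructed sample (not real Netflow): 8 days of hourly buckets starting on a
# Monday.  Business-hours load on weekdays and a 02:00 nightly job are routine;
# a single 14:00 spike on the last day is not.
START = datetime(2016, 10, 3)  # Monday

def bucket(day, hour):
    return START + timedelta(days=day, hours=hour)

counts = {}
for day in range(8):
    for hour in range(24):
        t = bucket(day, hour)
        packets = 1000
        if t.weekday() < 5 and 9 <= hour < 18:
            packets = 5000   # weekday business hours
        if hour == 2:
            packets = 8000   # scheduled job every night
        counts[t] = packets
SPIKE = bucket(7, 14)
counts[SPIKE] = 20000

if __name__ == "__main__":
    for t in (SPIKE, bucket(7, 2), bucket(7, 10)):
        print(t, counts[t], baseline_ratio(counts, t), is_outlier(counts, t))
```

With a 7-day lookback the Monday 10:00 bucket is judged against five weekday and two weekend values, and the median keeps the weekend dips from distorting the baseline; the weekly=True mode compares strictly Monday to Monday.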


(Mark Walkom) #2

It currently does this by looking at longer timeframes as the time picker applies to the entire dashboard.

There may be a FR to allow per viz timeframes, but if not feel free to raise one!


(Anh) #3

Yes, but at a longer time frame the time interval will also change, e.g. from 30 mins to every hour, every 3 hours, or every day, which again makes it hard to point out the outliers.


(Ilia Katz) #4

I wonder if ELK 5 stack will include a per viz timeframe support.


(Mark Walkom) #5

Not that I know of.


(Anh) #6

I know that the Grafana dashboard supports time shift, which does exactly what I need, but it's pretty limited in terms of data exploration compared to Kibana. I hope that time shift (-24h, -7 days, -1 month) can be added to each Kibana visualization in a future release.
