I am using ELK GA 5.0.0. I have created a line chart with Count on the Y-axis and a Date Histogram on the X-axis, with the time field interval set to Second. The problem I am facing is that when I view it over 4 hours, my chart shows some values which are not correct. Below is the image:
In the image, you can see the count as 91.867. The filter total is none other than *. Then I narrowed the time range to the peak, as in the image below:
Setting a 1 second interval for an aggregation across a long time range will generate a very large number of buckets. I suspect Kibana therefore alters the interval automatically. You should be able to check this by looking at the generated aggregation, which can be seen by expanding the statistics view in the lower left corner of the visualisation.
If you are looking for a graph showing per second request rate, I would recommend creating a Timelion sheet that uses the scale_interval function (similar to this thread). As Timelion is now part of core Kibana, you can add Timelion sheets to a dashboard.
OK @Christian_Dahlqvist, I have a doubt. I have a time field and @timestamp in my index. Both are date time fields. They have different values. time represents the time that events occurred, and I have selected it as the default timestamp field in Kibana. Is this OK to work with Timelion? Or should I set time and @timestamp to be the same (using Logstash)?