However these are some small secrets you need when using it.
Suppose you have a document stored in the ElasticSearch index once in a minute or so, in an unstable rate. The document has a "value1" field that you want to display an average graph for, so you could use the Timelion expression:
.es(index=MyIndexPattern*,timefield=time,metric=avg:value1)
Running this expression using a "1 minute" interval, seems fine:
But when you change the interval to auto or to "1 hour", you get weird or even empty results:
Why?
Well, Timelion splits the data into buckets sized by the selected interval. In case the bucket has no documents for the bucket time period, it does not display any point in the graph.
We can try bypassing the problem by forcing the visualization to use a "1 minute" interval, but in this case, if the user selects a large time span for the graph, an error occurs:
Timelion: Error: Max buckets exceeded: 10080 of 2000 allowed.
Choose a larger interval or a shorter time span
What can we do?
The solution is very simple: We should let the Timelion for fill in the missing values.
For example, we can ask Timelion to use the last existing value if a bucket has no documents.
This is done using the "fit" function (new line added for readability, don't use new lines in the actual expression) :
This creates a "steps wise" graph:
Other fit modes can be used:
(taken from https://github.com/elastic/kibana/issues/17717)
You can select the one most matching your data.
Why?
Well, Timelion splits the data into buckets sized by the selected interval. In case the bucket has no documents for the bucket time period, it does not display any point in the graph.
We can try bypassing the problem by forcing the visualization to use a "1 minute" interval, but in this case, if the user selects a large time span for the graph, an error occurs:
Timelion: Error: Max buckets exceeded: 10080 of 2000 allowed.
Choose a larger interval or a shorter time span
What can we do?
The solution is very simple: We should let the Timelion for fill in the missing values.
For example, we can ask Timelion to use the last existing value if a bucket has no documents.
This is done using the "fit" function (new line added for readability, don't use new lines in the actual expression) :
.es(index=MyIndexPattern*,timefield=time,metric=avg:value1) .fit(mode=carry)
This creates a "steps wise" graph:
Other fit modes can be used:
(taken from https://github.com/elastic/kibana/issues/17717)
| Name | Description | Examples |
|---|---|---|
| None | Don't draw that value on the graph | [2, null null, 8] |
| Carry | Use the last non null value before that | [2, 2, 2, 8] |
| Nearest | Use the closest value (either before or after) that was non null | [2, 2, 8, 8] |
| Lookahead | Use the next non null value after that (opposite of Carry) | [2, 8, 8, 8] |
| Average | Use the average of the last and next non null value | [2, 5, 5, 8] |
| Linear Scale | Linear interpolate between closest values | [2, 4, 6, 8] |
| Explicit value | Specify an explicit value (x), that should be used instead | [2, x, x, 8] |
You can select the one most matching your data.
No comments:
Post a Comment