Kibana Bar Chart - draw multiple series on a single chart

Question

Kibana Bar Chart - draw multiple series on a single chart

I have an index in Elasticsearch that contains an array of simple objects (the key value is shown in the example below).

Documents have a timestamp.

I can create separate histograms in Kibana for each key value (for example, one graph for bytes_sent and another for bytes_received).

I am wondering if there is a way to show both series on the same histogram.

thanks

Yasser

"_index": "myindex", "_type": "showstatus", "_id": "JhyLAGbcRDyXmrIMmP5lLg", "_score": 1, "_source": { "_datetime" : "2014-03-21 10:10:10", "showstatus": [ { "value": 96451, "variable_name": "bytes_sent" }, { "value": 435322, "variable_name": "bytes_received" } ] }

+7

kibana

Yasir Mar 20 '14 at 20:27

source share

4 answers

SKV · Answer 1 · 2015-04-29T18:34:30+0000

This can be done using a new panel called "multifieldhistogram". I could use it in Kibana3 after the Kibana patch was recently installed.

See this link which shows the panel. https://code.csdn.net/chenryn/kibana .

Brent van dussen · Answer 2 · 2014-04-04T20:15:10+0000

This is possible by running two queries, one for building bytes_sent and one for building bytes_received. Set the histogram to use the common value field. It looks like you might also need to split your data so that there are unique entries that are timestamp, bytes_sent, value and timestamp, bytes_received, value.

-Brent

Carlos Vega · Answer 3 · 2017-05-08T23:21:04+0000

I have a solution to this problem. Similar to the answer given by @OmarOthman, but without the above problems, namely:

If the information aggregated in the array is not possible, it is that the Elastic team hasn't done it yet .
You will need to disaggregate the documents in separate documents, one with each array value. You can use the parent documents elastic features to collect them.
Once you have documents with this form:

Disaggregated form:

 { "_datetime" : "2014-03-21 10:10:10", "bytes_sent": 12312, "bytes_received" : 123123 } { "_datetime" : "2014-03-21 10:10:11", "bytes_sent": 12310, "bytes_received" : 12313 }

instead:

 […] "_datetime" : "2014-03-21 10:10:10", "showstatus": [ { "value": 96451, "variable_name": "bytes_sent" }, { "value": 435322, "variable_name": "bytes_received" } ] } […]

You can make several series in Timelion, for example @OmarOthman, but you can also add a secondary (and even tertiary) Y axis using the yaxis Timelion method, for example:

 .es('avg:bytes_sent').yaxis(1, label='Bytes sent').bars(), .es('avg:bytes_received').yaxis(2, label='Bytes received', positon='right').bars()

Using the bars method, you can draw it as a histogram of a date.

Another approach suggested by @OmarOthman will only show the average value taking all the “values” from all documents in the showstatus array. This is because the request 'showstatus.variable_name: bytes_sent' is always true, because all documents have this "variable name" in their showstatus array. Therefore, both series would be the same if in some documents there wasn’t the byte_center variable_name inside the showstatus array. Try to draw it, it does not work as expected.

Marmarthman · Answer 4 · 2017-03-13T13:29:10+0000

To share knowledge about new versions of Kibana, this is easy to use with the Kibana TimeLion tool. Choose Timeseries when asked to create a visualization.

It was enough for me to go through several dialog boxes that appear at the beginning to understand how to get started. Something like this should be turned off:

 .es('showstatus.variable_name:bytes_sent'), .es('showstatus.variable_name:bytes_received')

Kibana Bar Chart - draw multiple series on a single chart

More articles: