Menu
Is it possible to set a fixed timespan for a saved visualization or a saved search in Kibana 4?
Scenario: I want to create one dashboard with 2 visualizations with different time spans.
Note that changing the time span on the dashboard does not affect the visualizations. Possible?
317
With Kibana, you can quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real-time.
Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch.
Kibana is useful to convert log data from the ELK stack into visualizations and it also supports querying logs. Grafana is more of a general-purpose visualization tool that can work with a handful of data sets that may or may not be “logs”. But it does not support text querying.
You could add a date range query to the saved search you base each visualisation on. Eg, if your timestamp field is called timestamp:
timestamp:[now-6M/M TO now]
where the time range is from 'now' to '6 months ago, rounding to the start of the month.
Because Kibana also now supports JSON-based query DSL, you could also achieve the same thing by entering this into the search box instead:
{
"range" : {
"timestamp" : {
"gte": "now-6M/M",
"lte": "now"
}
}
}
For more on date range queries see https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html#ranges-on-dates
However changing the dashboard timescale will override this if it's a subset. So if you use the above 6 month range in the saved search, but a 3 month range in the dashboard, you'll filter to 3 months of data.
135
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
