kibana retrieve term values between a given time interval - logstash

I am pretty new to Kibana.
I am logging ssh access hits and I want to compare the access hit counts during night time vs day time. How can I get this data? Also, how can I visualize this?
Also, what if I want to compare hits on weekends vs weekdays?
I can only see continuous time-line on X-axis in the visualization tab.
Any help is appreciated.

Hi, your question is very useful & important for time-based analysis in Kibana. The answer is based on Kibana 4.1.
For example you want to create visualizations for day vs week:-
1. Click on Visualize tab.
2. Select Line Chart & select from a new search.
3. Select Count in Y-Axis Metric
4. Select Date Range in X-Axis aggregation, select date field in Field option, in From field option input the range such as: now-1W & correspondingly mention in To field option: now-1d
5. Then click Split Lines & select terms and its field to display top N results for that time range.
Hope it answers your query.

You can use hits chart, or trends. Try using trends with a 12-hour difference - and that would be day and night, for example. Also, you can tag your log entries with spec tags depending on the time you sent them to the server.
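The tagging approach suggested in the last answer, as an added example that is not part of the original thread: each sshd event gets a day/night and a weekday/weekend field before it is indexed. The field names `day_part` and `week_part`, the 07:00-19:00 day window, the year, and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample sshd syslog lines (not from the original post).
SAMPLE_LOG = """\
Aug 15 02:14:07 host1 sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Aug 15 13:40:55 host1 sshd[1344]: Failed password for root from 198.51.100.7 port 40022 ssh2
Aug 16 23:05:31 host1 sshd[1502]: Failed password for invalid user admin from 198.51.100.7 port 40311 ssh2
Aug 17 09:12:00 host1 sshd[1610]: Accepted password for bob from 192.0.2.44 port 51800 ssh2
Aug 17 09:12:05 host1 CRON[1611]: (root) CMD (run-parts /etc/cron.hourly)
Aug 18 19:59:59 host1 sshd[1777]: Accepted publickey for alice from 192.0.2.10 port 50991 ssh2
"""

# Assumption: only sshd authentication results count as an "access hit".
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (Accepted|Failed) ")

def tag_event(line, year=2020, day_start=7, day_end=19):
    """Return a tagged event dict for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year or time zone: the year is supplied and host-local time is assumed.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.isoformat(),
        "outcome": m.group(2).lower(),
        "day_part": "day" if day_start <= ts.hour < day_end else "night",
        "week_part": "weekend" if ts.weekday() >= 5 else "weekday",
    }

def summarize(log_text, **kw):
    """Count tagged events per bucket, the same split a terms aggregation would show."""
    events = [e for e in (tag_event(l, **kw) for l in log_text.splitlines()) if e]
    return {
        "day_part": Counter(e["day_part"] for e in events),
        "week_part": Counter(e["week_part"] for e in events),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

With these fields indexed alongside each event, a terms aggregation on `day_part` or `week_part` yields the two buckets directly.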

Related

Obtain earliest date from a table according to summary value

I have a table as follows, which has a category and some dates
I want to get (i) the earliest date for each category and (ii) the latest date from the category. Basically I'm trying to get a Gantt chart visual between the two dates, based on the name
For example, alpha would run from 3May22 to 3 Aug22 on the chart since that's effectively the start and end date of the category
I tried to drag my columns into the Gantt chart but I end up with a bunch of rows for each task (e.g. alpha, alpha, alpha) while I want to have the start date from the earliest alpha and the end date from the oldest alpha in one line.
Not sure if I need a measure (I think so) or a new column but I'm a bit stuck
Any help would be appreciated :)
Thanks,
Matthew
Actually, I found it, hopefully of use to someone else in the same boat.
PowerBI allows you to group the categories together under the visuals edit tab
I clicked that and suddenly everything looked good!

Excel - Plot time slots on a continuous time axis

Let's say we have time slots documented in which a production line was running. In between each product manufactured are time slots in which the machine was idling.
I now want to plot the machine status over time, basically as a boolean value (running vs idling).
I get the machine log and need the chart on the right.
The machining duration will ultimately be logged including seconds and may vary for each product.
The first - and probably biggest - challenge for me is to find a smart way to extract the status from the time stamps. My current first step is to create a table row for each minute and use the if statement in H4 to check whether article 1 was being manufactured.
IF(AND([#Time]>Machine_log[#Start],[#Time]<Machine_log[#Finish]);;)
However, since the final list will range over 24 hours or more and the number of articles quickly reaches 50 and more, I would love to avoid using nested IFs on this one..
I'm thankful for any input and open for inspiration :)
Thank you all in advance!
PS: Anyone know a better way than a scatter chart with two values per X-Value to display the chart as vertical lines/right angles like this?
One option is to add only those points that are necessary to the Status extraction table (which I named "Status"). (I named the Machine log table "Log").
Note: it looks like you are using a semicolon list separator, so you'll need to change the commas in the formulas below to semicolons.
Formula for the Time column:
=IF(ROW()=ROW(Status),MIN(Log[Start])-1/144,IFERROR(INDEX(Log[[Start]:[Finish]],INT((ROW()-ROW(Status)-1)/4)+1,MOD(INT((ROW()-ROW(Status)-1)/2),2)+1),MAX(Log[Finish])+1/144))
Formula for the Production running? column (enter into H4 and fill down):
=IF(SUMPRODUCT(--(Log[[Start]:[Finish]]=[#Time])),IF([#Time]=G3,3-H3,H3),1)
These formulas will pad your plot with 10 minutes of off time on either side.
To answer your question about avoiding two points for each x-value: no, each point on the plot has to have a corresponding data pair.
UPDATE IN RESPONSE TO COMMENT: I failed to mention that the above solution assumes the time data in the Machine log table are in ascending order. This means that if your data span more than one day, they will need to contain a date component or you can get plots where the line crosses back to the beginning. For example, if you have 23:57:00 followed by 00:10:00 with no date component, Excel treats these as 11:57 pm on 1 January 1900 and 12:10 am on 1 January 1900. (To see this, change the format to "General", and you'll see the values that Excel uses to encode date-time aren't in ascending order.) The solution is to enter the dates as "8/16/2020 23:57:00" and "8/17/2020 00:10:00" in the formula bar. If you're copying over from another data source, the date needs to be copied with the time. If the dates and times are in separate columns, your Start and Finish columns would each be a date column plus a time column.

Why doesn't Grafana show me the correct count?

I'm trying to do something in Grafana/Graphite which should be really easy, but has me baffled. I'd like to get the total by which a count has increased during the period I select in the top right corner of the Grafana UI.
Users of our site can import content from various sources, and every time they do an import, we increment a StatsD count. We include the source type in the StatsD path, so we can break out the numbers for each type of import in Grafana, as in this example.
Unfortunately, in this view of the graph Grafana is giving us crazy numbers. When we check them against another stats service we also use we see very different data. For example, the import Grafana shows as 96.9 in this screenshot, in our other system has a value of 4,466 over the last week. We're totally sure our other system is right and Grafana's number is wrong.
Can anyone suggest what we're doing wrong? We want a chart that'll give us the breakdown of number of imports of each type during the selected date range. Over 7 days, we'd expect the big green item to be 4,466, not 96.6. On a date range like 1 day, we'd expect it to be something like 629, because the count gets incremented by about that much per day.

How to create a 'past 3 months' time period in Google Data Studio

I'm trying to have my line chart show data for the past 3 months. GDS has a 'last quarter' date range, but this shows me Q1, Q2, Q3, or Q4. What I need is the data for the past 3 full months (not counting the current month). I tried creating a calculated field but the documentation isn't proving very useful for the matter at hand.
eg. If the current date is Feb-20, I want to show data from 'Nov 1 - Jan 31'. Also need to compare to same period from last year.
Can anyone help? Thanks in advance!
I don't think this is possible in the way you're describing. You can achieve the same by creating a metric in your data source and then applying a filter at the page / chart / report level to remove data which doesn't meet your criteria
You can use the option "advanced" in the date dropdown and set the start date to today minus 3 months.

Calculate % Change in Cognos Report Studio

Is it possible to calculate a percentage change in a Cognos Report?
Currently, I have a crosstab that has years as the columns and widgets in the rows with a calculation of total revenue. I am looking to calculate the annual % increase. New to Cognos, but I could accomplish this using other tools.
Any help will be very much appreciated.
Sorry for the late answer to your question but perhaps it will help others who see it.
It's kind of annoying, but it can be done. If you have one Query which uses an input parameter to select the year, perhaps it is a filter that says [Year] = ?YearPrompt?, then you can make a second Query which uses the filter [Year] = ?YearPrompt? - 1. Then, you can join these two queries, and the third query (made by joining the first two) will have both this year's revenue, and last year's revenue, available to it for a calculation, such as what the percent change is.
You need to create a query calculation item as one of the columns and in it you take Year2 - Year1. (You can choose the exact columns you already have in the report using the Data Items tab when you are making the query calc.) Also make sure you make this query calc a % in its format.
