Kibana 简明教程

Kibana - Timelion

Timelion,也称为时间轴,是另一种可视化工具,它主要用于基于时间的数据分析。若要使用时间轴,我们需要使用简单的表达式语言,这将帮助我们连接到索引,并在数据上执行计算以获得我们需要的结果。

Timelion, also called as timeline is yet another visualization tool which is mainly used for time based data analysis. To work with timeline, we need to use simple expression language which will help us connect to the index and also perform calculations on the data to get the results we need.

Where can we use Timelion?

当您想比较与时间相关的数据时,可以使用 Timelion。例如,您有一个网站,并且您每天都会获得浏览量。您想分析数据,其中您要将本周数据与上周进行比较,即星期一到星期一,星期二到星期二,依此类推,了解浏览量和流量是如何不同的。

Timelion is used when you want to compare time related data. For example, you have a site, and you get your views daily. You want to analyse the data wherein you want to compare the current week data with previous week, i.e. Monday-Monday, Tuesday -Tuesday and so on how the views are differing and also the traffic.

Getting Started with Timelion

要开始使用 Timelion,请点击 Timelion,如下所示 −

To start working with Timelion, click on Timelion as shown below −

started with timelion

Timelion 默认显示所有索引的时间轴,如下所示 −

Timelion by default shows the timeline of all indexes as shown below −

timelion indexes

Timelion 使用表达式语法。

Timelion works with expression syntax.

Note − es(*) ⇒ 表示所有索引。

Note − es(*) ⇒ means all indexes.

要获取可用于 Timelion 的函数详细信息,只需点击文本区域,如下所示 −

To get the details of function available to be used with Timelion, simply click on the textarea as shown below −

click textarea

它会为您提供可用于表达式语法的函数列表。

It gives you the list of function to be used with the expression syntax.

当您开始使用 Timelion 时,它会显示一个欢迎信息,如下所示。强调的部分,即跳转到函数引用,给出了可用于 Timelion 的所有函数的详细信息。

Once you start with Timelion, it displays a welcome message as shown below. The highlighted section i.e. Jump to the function reference, gives the details of all the functions available to be used with timelion.

Timelion Welcome Message

Timelion 欢迎信息如下所示 −

The Timelion welcome message is as shown below −

welcome message

点击下一步按钮,它将引导您了解其基本功能和用法。现在,当您点击下一步时,您可以看到以下详细信息 −

Click on the next button and it will walk you through its basic functionality and usage. Now when you click Next, you can see the following details −

timelion basic functionality
querying elasticsearch datasource
expressing elasticsearch datasource
transforming data

Timelion Function Reference

点击帮助按钮,以获取 Timelion 可提供的函数引用的详细信息 −

Click on Help button to get the details of the function reference available for Timelion −

function reference

Timelion Configuration

Timelion 的设置在 Kibana 管理 → 高级设置中完成。

The settings for timelion is done in Kibana Management → Advanced Settings.

timelion configuration

点击高级设置并从类别中选择 Timelion

Click on Advanced Settings and select Timelion from Category

timelion category

选择 Timelion 后,它将显示 timelion 配置所需的所有必要字段。

Once Timelion is selected it will display all the necessary fields required for timelion configuration.

timelion necessary fields

在以下字段中,您可以更改要在索引上使用的默认索引和时间字段 −

In the following fields you can change the default index and the timefield to be used on the index −

timelion timefield

默认设置是 _all,时间字段是 @timestamp。我们保留原样,在时间表本身更改索引和时间字段。

The default one is _all and timefield is @timestamp. We would leave it as it is and change the index and timefield in the timelion itself.

Using Timelion to Visualize Data

我们将使用索引:medicalvisits-26.01.2019。以下是从 2017 年 1 月 1 日至 2017 年 12 月 31 日在时间表中显示的数据 -

We are going to use index:medicalvisits-26.01.2019. The following is the data displayed from timelion for 1st Jan 2017 to 31st Dec 2017 −

timelion display

用于上述可视化的表达式如下 -

The expression used for above visualization is as follows −

.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date).bars()

我们使用了索引 medicalvisits-26.01.2019,该索引中的时间字段是 Visiting_Date,并使用了条形图功能。

We have used the index medicalvisits-26.01.2019 and timefield on that index is Visiting_Date and used bars function.

下面我们按天分析了 2017 年 1 月份的 2 个城市。

In the following we have analyzed 2 cities for the month of jan 2017, day wise.

timelion analyzed

使用表达式为:

The expression used is −

.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date,
q=City:Sabadell).label(Sabadell),.es(index=medicalvisits-26.01.2019,
timefield=Visiting_Date, q=City:Terrassa).label(Terrassa)

此处显示了 2 天的时间表对比 -

The timeline comparison for 2 days is shown here −

Expression

.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date).label("August 2nd 2018"),
.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date,offset=-1d).label("August 1st 2018")

这里我们使用偏移量并且给出了 1 天的差异。我们选择了 2018 年 8 月 2 日作为当前日期。因此它给出 2018 年 8 月 2 日和 2018 年 8 月 1 日的数据差异。

Here we have used offset and given a difference of 1day. We have selected the current date as 2nd August 2018. So it gives data difference for 2nd Aug 2018 and 1st Aug 2018.

timelion comparison

2017 年 1 月份排名前 5 位的城市数据列表如下。我们在此处使用的表达式如下:

The list of top 5 cities data for the month of Jan 2017 is shown below. The expression that we have used here is given below −

.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date,split=City.keyword:5)
list of top cities

我们使用了拆分并给出了城市作为字段名称,并且由于我们需要来自索引的前 5 位城市,因此我们给出了 split=City.keyword:5

We have used split and given the field name as city and the since we need top five cities from the index we have given it as split=City.keyword:5

它给出了每个城市的数量,并列出它们的名字,如作图中所示。

It gives the count of each city and lists their names as shown in the graph plotted.