diff --git a/public/partials/docs/tutorial.html b/public/partials/docs/tutorial.html index 8183aebaefa4c..5f522dd22a50e 100644 --- a/public/partials/docs/tutorial.html +++ b/public/partials/docs/tutorial.html @@ -7,7 +7,7 @@

Welcome to timelion the timeseries expression inter

- Why start with elasticsearch? Well, you're using timelion, so we know you have Kibana, so you definitely have Elasticsearch. So the answer is: Because its easy. Timelion want everything to be easy. Ok, lets do this thing. If you're already familar with Timelion's syntax, Jump to the function reference, otherwise click the Next button in the lower right corner. + Why start with elasticsearch? Well, you're using timelion, so we know you have Kibana, so you definitely have Elasticsearch. So the answer is: Because its easy. Timelion want everything to be easy. Ok, let's do this thing. If you're already familar with Timelion's syntax, Jump to the function reference, otherwise click the Next button in the lower right corner.

@@ -84,7 +84,7 @@

Passing arguments

Beyond count

- Counting events is all well and good, but the elasticsearch data source also supports any Elasticsearch metric that returns a single value. Min, max, avg, sum and cardinality are some of the most useful. Lets say you want a unique count of the src_ip field. You could do say, .es(*, metric='cardinality:src_ip'). To get the average of the bytes field you would run: .es(metric='avg:bytes'). + Counting events is all well and good, but the elasticsearch data source also supports any Elasticsearch metric that returns a single value. Min, max, avg, sum and cardinality are some of the most useful. Let's say you want a unique count of the src_ip field. You could do say, .es(*, metric='cardinality:src_ip'). To get the average of the bytes field you would run: .es(metric='avg:bytes').

@@ -137,7 +137,7 @@

Expressions and expressing yourself

Data: Transform insert beat boxing

- We can make our charts pretty all day, but its time for businessing. As an example exercise, we're going to figure out what percentage some subset of our data represents of the whole, over time. For example, what percentage of my web traffic comes from the US? Lets start with finding all events that contain US: .es('US'). Now, to find that ratio to the whole, we'd need to divide 'US' by everything, try this: .es('US').divide(.es()). Ah, not bad, but of course this provides us with a number between 0 and 1, lets correct that to a percentage: .es('US').divide(.es()).multiply(100). There, now we've divided all US traffic by all worldwide traffic, then multiplied the result by 100 to get a percentage. + We can make our charts pretty all day, but its time for businessing. As an example exercise, we're going to figure out what percentage some subset of our data represents of the whole, over time. For example, what percentage of my web traffic comes from the US? Let's start with finding all events that contain US: .es('US'). Now, to find that ratio to the whole, we'd need to divide 'US' by everything, try this: .es('US').divide(.es()). Ah, not bad, but of course this provides us with a number between 0 and 1, let's correct that to a percentage: .es('US').divide(.es()).multiply(100). There, now we've divided all US traffic by all worldwide traffic, then multiplied the result by 100 to get a percentage.

Timelion has a number of built in arithmetic functions, such as sum, subtract, multiply and divide, many of which can take a series or a number. There are also other data transformation functions including movingaverage, abs and derivative. In addition there are other view transformation functions than the ones we learned on the previous page. See the function reference for the complete list of transforming, and drawing functions.