My customer accountContact commercialWebmailOVHcloud Blog

Welcome to OVHcloud.

Log in to order, manage your products and services, and track your orders

Log in

Using Timelion with Logs Data Platform

Last updated 27th July, 2020


Timelion is a Kibana module which allows you to query multiple datasources from a single Kibana instance a bit like Grafana. This tool is very powerful to analyze metric contained in logs (or simply analyze the logs count) sent to Elasticsearch (so Logs Data Platform here). This guide will show you how to achieve this.

The functionality of Timelion includes (but is not limited to):

  • Compute an average over a period of time
  • Compute a moving average over a period of time
  • Compute the derivative of a metric or the results of a specific query to quickly see the variations.
  • Doing arithmetic operation between your metric (division, sum, cumulative sum, multiply, percentage...)
  • Grabbing series from other sources to mix your data with it (Quandl, World Bank Indicators, Graphite).

An introduction to this plugin can be found here:


In order to use Timelion, your Kibana access has to be already configured. If you don't have it already, you can visit this Kibana tutorial. If you're ready, let's get started!


First, contact with Timelion on Kibana

To go to the Timelion module, use the link in Kibana interface:


Once the module is loaded, it should complain about an error on access right. This is expected since by default the timelion plugins try to load data for the index _all and this is forbidden. but don't worry, you can change the index on the fly by using the search bar with the parameter index. If you use an alias on your stream, you also need to change the timefield used from @timestamp to timestamp.


Configuring Timelion

To configure your default index and timefield for Timelion, go to the Management Page, and select the Advanced Settings. From there, locate the timelion settings and change the default index and timefield.

Where do I go from here?

Timelion has built-in documentation that allows you to discover its different functions. To access it, use the Docs button next to the time range selector at the top-right of the interface. The auto complete feature can also helps you to remember and have a short description of the available commands.

The Elasticsearch commands start by ".es", you can change the resolution of the chart by using the drop down menu at the right of the search bar.

To display all your data at the selected timerange (top right), use:


To display only the data that have a certain field use


To display the average on a numeric value present in your logs use :


You can display only the variation (derivative) on this value by using the following formula :


To display different data on different yaxis, use the yaxis() functions.

 .es(metric='avg:my_field_num').derivative(), es(*).yaxis(2)

In the following screenshot, you can easily see if there is a correlation between different metrics we have in your softwares (here we tried to find one in HA Proxy between the variation of the bytes_read and the duration of requests).


Every visualization you create through Timelion can be embedded in a Kibana Dashboard so you can further query and refine your data.


We have only scratched the surface of what you can do with Timelion. Head to these resources to learn even more cool tricks:

Go further

Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.

These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community

In accordance with the 2006/112/CE Directive, modified on 01/01/2015, prices incl. VAT may vary according to the customer's country of residence
(by default, the prices displayed are inclusive of the UK VAT in force).