Hi
Has anybody have success with using rollup index from elasticsearch in grafana? I can’t figure out how to do it, so if anybody have some pointer or links to information it would be gratefully appreciated.
Regards
Jan
I do…
Above, I can select the server what I want…
Below my rollup-metricbeat
Unfortunately, my rollup just created below 30 days… 
Regards,
Fadjar Tandabawana
Hi @fadjar340,
How do you add the data source in Grafana? Can you share your data source config?
Appreciate the response. Thanks.
Regards,
N
Thanks @fadjar340,
I did setup the data source the same as yours but still failing. From log it mention error related to authentication/permission. I have double check the credentials used is correct. As I tested with normal indices it can query fine.
Just wondering, did you enable security/https in your elasticsearch?
Regards,
Najib
Can you get the rollup index from curl command?
Also if possible, please paste the log that mention the error of authentication
Thanks for the response @fadjar340, sorry for the late reply. Currently not testing this, ended up using Kibana instead. But will revisit this in the future and test again. Appreciate your help! Thanks.
Just to update, I’m finally able to load roll-up index in Grafana. The issue I have previously is the timestamp. I refer back to @fadjar340 screenshot and now its working. Thanks @fadjar340 
Hi @fadjar340 , I am experimenting with ES rollup indices and not able to create datasource in Grafana for my rollup index. The error I am getting is below screenshot.
For the this prototype, I am using ES v7.15, Grafana v 8.2.2
Ultimately, I like to create a separate copy of out current Grafana Dashboards using rollup indices for long window analysis.
And here is my rollup index:
curl http://elastic:elastic@10.34.8.156:9200/1h-metricbeat | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2100 100 2100 0 0 1044k 0 --:--:-- --:--:-- --:--:-- 2050k
{
"1h-metricbeat": {
"aliases": {},
"mappings": {
"_meta": {
"_rollup": {
"Rollup-Job-Test-1hr": {
"cron": "0 * * * * ?",
"rollup_index": "1h-metricbeat",
"groups": {
"date_histogram": {
"delay": "30s",
"field": "@timestamp",
"time_zone": "UTC",
"calendar_interval": "1h"
},
"terms": {
"fields": [
"service.type"
]
}
},
"id": "Rollup-Job-Test-1hr",
"metrics": [
{
"field": "process.cpu.pct",
"metrics": [
"avg",
"max",
"min",
"sum",
"value_count"
]
},
{
"field": "process.memory.pct",
"metrics": [
"avg",
"max",
"min",
"sum",
"value_count"
]
}
],
"index_pattern": "metricbeat-*",
"timeout": "20s",
"page_size": 1000
}
},
"rollup-version": "7.15.0"
},
"dynamic_templates": [
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"date_histograms": {
"path_match": "*.date_histogram.timestamp",
"mapping": {
"type": "date"
}
}
}
],
"properties": {
"@timestamp": {
"properties": {
"date_histogram": {
"properties": {
"_count": {
"type": "long"
},
"interval": {
"type": "keyword"
},
"time_zone": {
"type": "keyword"
},
"timestamp": {
"type": "date"
}
}
}
}
},
"_rollup": {
"properties": {
"id": {
"type": "keyword"
},
"version": {
"type": "long"
}
}
},
"process": {
"properties": {
"cpu": {
"properties": {
"pct": {
"properties": {
"avg": {
"properties": {
"_count": {
"type": "float"
},
"value": {
"type": "float"
}
}
},
"max": {
"properties": {
"value": {
"type": "float"
}
}
},
"min": {
"properties": {
"value": {
"type": "float"
}
}
},
"sum": {
"properties": {
"value": {
"type": "float"
}
}
},
"value_count": {
"properties": {
"value": {
"type": "float"
}
}
}
}
}
}
},
"memory": {
"properties": {
"pct": {
"properties": {
"avg": {
"properties": {
"_count": {
"type": "float"
},
"value": {
"type": "float"
}
}
},
"max": {
"properties": {
"value": {
"type": "float"
}
}
},
"min": {
"properties": {
"value": {
"type": "float"
}
}
},
"sum": {
"properties": {
"value": {
"type": "float"
}
}
},
"value_count": {
"properties": {
"value": {
"type": "float"
}
}
}
}
}
}
}
}
},
"service": {
"properties": {
"type": {
"properties": {
"terms": {
"properties": {
"_count": {
"type": "long"
},
"value": {
"type": "keyword"
}
}
}
}
}
}
}
}
},
"settings": {
"index": {
"routing": {
"allocation": {
"include": {
"_tier_preference": "data_content"
}
}
},
"number_of_shards": "1",
"provided_name": "1h-metricbeat",
"creation_date": "1635457394258",
"number_of_replicas": "1",
"uuid": "giEpB43bTF-Sigrmb3Mx9A",
"version": {
"created": "7150099"
}
}
}
}
}
Hi,
for the timestamp, please put:
@timestamp.date_histogram._count
Regards,
Fadjar Tandabawana
Thanks for the quick response, Fadjar! However, for some reason I still get message says: “No date field named @timestamp.date_histogram._count found”…
David
Hi,
As per your posting:
"properties": {
"@timestamp": {
"properties": {
"date_histogram": {
"properties": {
"_count": {
"type": "long"
},
"interval": {
"type": "keyword"
},
"time_zone": {
"type": "keyword"
},
"timestamp": {
"type": "date"
}
}
}
}
}
Because the _count is long, it’s not suitable for the time… You need to try put there:
@timestamp.date_histogram.timestamp as date format.
Regards,
Fadjar Tandabawana
Fadjar, Thanks much for your help again. @timestamp.date_histogram.timestamp works for me now. I will look into this paragraph for correct field in the future.
Can anybody suggest me for below issue?