Why do that¶
Timelion, pronounced , brings together totally independent data sources into a single interface, driven by a simple, one-line expression language combining data retrieval, time series combination and transformation, plus visualization. Every Timelion expression starts with a data source function. For example .elasticsearch() (or .es() for short).
What to do¶
Punchplatform provides a multi tenant configuration by implementing a security component placed between kibana and elasticsearch. This component allows a kibana to access to authorized indices.
Update the index pattern from * to <tenant_name>-events-*
Timelion is based on timestamp. Often, the data use a custom timestamp like rep.ts, obs.ts or simply ts whereas timelion uses @timestamp by default.