About the agg request

Elastic Stack Kibana
1

Hi everyone, I need to create a new pieChart and split slices in bucket type, then click a piece of data in chart.

if I select the 'Date Histogram' as the sub Aggregation, the click event is normal and chart redraws the detail data which I click. But when I select other selection as the sub Aggregation like 'Terms', I click one piece of data would return an error:

Visualize: Request to Elasticsearch failed .

the detail error

Pasted image653×652 13.8 KB

I have compared the difference between the two request payloads in query field.
the normal

the error

Pasted image562×633 7.21 KB

What is the reason for this?
How can I modify this request?
What is the error mean?

2

Hi BendMoly,

I'm on the Kibana 4.6.0 release candidate but I don't think anything in this area changed since the previous release. What Kibana version are you on?

I tried to reproduce your issue. I installed packetbeat thinking I might get mac addresses. I didn't get mac, but I got IP addresses and they're both un-analyzed strings so I think it's about the same.

I did a Split Splices Terms aggregation on Field ip. I only got three slices from my quick test data. When I click on one of the slices it creates a filter and now I only have results for that one IP address. No error.

Here's my request.

{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "*",
          "analyze_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "query": {
                "match": {
                  "ip": {
                    "query": "209.18.47.61",
                    "type": "phrase"
                  }
                }
              },
              "$state": {
                "store": "appState"
              }
            },
            {
              "range": {
                "@timestamp": {
                  "gte": 1472042628486,
                  "lte": 1472057028486,
                  "format": "epoch_millis"
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "aggs": {
    "2": {
      "terms": {
        "field": "ip",
        "size": 5,
        "order": {
          "_count": "desc"
        }
      }
    }
  }
}

Regards,
Lee

Also, is this visualization using a saved search?