Aggregation inside Visualization

kamfart · August 13, 2019, 1:29pm

Hello there,

I try to aggregate data with Kibana visualization but I've got some troubles.

I've parsed that log to extract the information in dedicated field.
Then, I try to sum the "number column" and to group them by ID

I used the DevTools to try, here my Query in SQL (yes I didnt master the DSL yet...) :
POST _sql?format=txt
{
"query":"SELECT id, (nbDigit + nbSpec + nbUpper + nbLower) as length FROM "test-report-audit*" WHERE note!='A' AND note!='D'"
}

The output look like :
id | length
---------------+---------------
559980310 |6
404312591 |9
941595003 |10
157634821 |9
977421435 |10

Now, I tried to use this result inside Kibana Verticale Bar to count the number of occurence of each number from the field "length". But I'm stuck.

On this forum, I found (in an another thread) that is not possible to use DSL Query inside vizu.
So I guess I have to left my SQL Query to figure it out with split slices/chart only ?

But, I don't know how to "convert" this result in a Kibana Visualization and moreover I don't know if Kibana can do this kind of operation ?

Thanks for your help,
Kamfart

wylie · August 13, 2019, 1:59pm

Your options here are:

Create a scripted field in your index pattern which can be used generally in Kibana, especially in Visualize. I think this is your best option.

https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-guide.html

Use the SQL statement you described while building a Canvas dashboard and visualization
Use the Vega visualization, which supports querying elasticsearch directly via DSL or SQL

kamfart · August 14, 2019, 3:44pm

Hi Wylie, thanks for your help !

I've tried the 2nd solution, with Canvas, and it work perfectly !

Now, I'm trying to understand how Painless work.
But I've got a little problem.
Because is only about Painless langage, do I need to open another thread on Elasticsearch forum ?

Thanks,
Kamfart

wylie · August 14, 2019, 3:56pm

Yes, I think you will get the best help there. I'm definitely not as familiar with that language!

kamfart · August 19, 2019, 1:40pm

Thanks for all the solution Wylie, I'm going to close this topic.

Kamfart

system · September 16, 2019, 1:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Visualize - How to aggregate data with two string field values? Kibana	2	5514	February 22, 2018
In kibana(5.1.1) in Data Table visualization how can I Use aggregate function like `(count(*)/sum)` for whole bucket? Kibana	4	1090	March 10, 2017
Average of counts in a grouping Kibana	2	463	July 1, 2020
Using Elastic SQL with Vega Kibana vega	4	1106	May 29, 2020
Visualisation from Kibana using SQL query Kibana	3	2569	January 14, 2020

Aggregation inside Visualization

Related Topics