Given a series incoming events like say: @timestamp1: a,b,c,d,e @timestamp2: a,b,c,d,e
(all numbers)
I need to perform some calculation which would be of the form
(max (a) - min (a) )* (max (b) - min (b)) / (max (c) - min (c) ).
Thanks to this. I know how to show it as a time series graph (using Visual Builder). But I also want to show it as a simple number for the overall duration that has been selected.
I tried lucene expression numeric APIs (doc['field_name'].max(), min()) but that doesn't work. I didn't see any such API within painless.
I also looked at "Scripted Metric Aggregation", but couldn't quite understand, where in Kibana to specify those expressions.
Same is the case with "Metrics Aggregation", how do I make use of it within Kibana?
It's driving me nuts that how can displaying aggregated number be so difficult as compared to a time-series chart? Any help in this matter is highly appreciated. Thanks.
Thanks for your response Lee.
I tried it but it displays only 0.
For simplicity, i kept only params.max in the painless script section, and I was expecting it to show the max value for Metric but it shows 0.
I had a similar confusion with Time Series Visual Builder. When using Metric with "max" or "min" aggregation, it will only show the value of the last bucket in the time series, not the max or min value over the entire time span. So what's probably happening is that your last bucket is empty.
In order to get the sum over the whole time span you have to use "Overall max" as a sibling aggregation.
Unfortunately, you can't do calculations on the values derived from sibling aggregations. This appears to be a limitation in the elasticsearch API. Hypothetically it seems like we should be able to run a calculation over these numbers in Kibana itself, client side. I'm not sure of whether this has been discussed as a potential solution (cc @thomasneirynck).
However, I have found a way around this limitation that may suit your purposes. If you change the bucket size to something very large, you can grab these max values and perform a calculation on the result.
To do this, in Options under Data, select yes to Override Index Pattern and make the interval something large. I made mine one year. Be sure to also check No on Drop last bucket.
You'll need to also go into Panel Options and check No for Drop last bucket there as well. For some reason, auto as an interval works fine for me here.
Then you should be able to add Max and Min aggregations, and the value won't be 0. Then you can run a calculation over those values, and hopefully get the number you are looking for.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
