Cannot add 10 or more rows to Visualize Library in table view in Kibana

Elastic Stack Kibana
1

Hello!

I cannot add 10 or more rows to Visualize Library in table view in Kibana

Steps on how to reproduce the issue:

  1. Go Dev Tools and run the following query:

    POST logs-my_app-default/_doc
{
  "@timestamp": "2099-05-06T16:21:15.000Z",
  "event": {
    "A" : "1",
    "B" : "2",
    "C" : "3",
    "D" : "4",
    "E" : "5",
    "F" : "6",
    "G" : "7",
    "I" : "8",
    "J" : "9",
    "K" : "10"
  }
}

  2. Go to "Stack Management > Index Pattrens > Create index pattern", find "logs-my_app-default", select "--- I don't want to use the time filter ---" for "Timestamp field" and click "Create index pattern" button

  3. Go at "Visualize Library > Create visualization > Lens" page abd select "logs-my_app-default" index pattern

  4. Start drag-and-dropping all fields one by one.

  5. Adding the last 10th field will lead to the following error:

    Request error: illegal_argument_exception, The provided aggregation [10] either does not exist, or is a pipeline aggregation and cannot be used to sort the buckets. in Invalid aggregation order path [10]. The provided aggregation [10] either does not exist, or is a pipeline aggregation and cannot be used to sort the buckets. (aggregation_execution_exception)

Did not find any errors in logs, however, maybe I missed something and if so just let me know

Screenshots:

1
11920×925 81.7 KB

2
21919×921 82.3 KB

2

If you check the Inspect panel to review the request made by Lens to Elasticsearch you can see that it's trying to do a nested aggregation terms search. You can run the same query from Dev Tools:



GET logs-my_app-default/_search
{
  "aggs": {
    "0": {
      "terms": {
        "field": "event.A",
        "order": {
          "10": "desc"
        },
        "size": 5
      },
      "aggs": {
        "1": {
          "terms": {
            "field": "event.B",
            "order": {
              "10": "desc"
            },
            "size": 3
          },
          "aggs": {
            "2": {
              "terms": {
                "field": "event.C",
                "order": {
                  "10": "desc"
                },
                "size": 3
              },
              "aggs": {
                "3": {
                  "terms": {
                    "field": "event.D",
                    "order": {
                      "10": "desc"
                    },
                    "size": 3
                  },
                  "aggs": {
                    "4": {
                      "terms": {
                        "field": "event.E",
                        "order": {
                          "10": "desc"
                        },
                        "size": 3
                      },
                      "aggs": {
                        "5": {
                          "terms": {
                            "field": "event.F",
                            "order": {
                              "10": "desc"
                            },
                            "size": 3
                          },
                          "aggs": {
                            "6": {
                              "terms": {
                                "field": "event.G",
                                "order": {
                                  "10": "desc"
                                },
                                "size": 3
                              },
                              "aggs": {
                                "7": {
                                  "terms": {
                                    "field": "event.I",
                                    "order": {
                                      "10": "desc"
                                    },
                                    "size": 3
                                  },
                                  "aggs": {
                                    "8": {
                                      "terms": {
                                        "field": "event.J",
                                        "order": {
                                          "10": "desc"
                                        },
                                        "size": 3
                                      },
                                      "aggs": {
                                        "9": {
                                          "terms": {
                                            "field": "event.K",
                                            "order": {
                                              "10": "desc"
                                            },
                                            "size": 3
                                          }
                                        }
                                      }
                                    }
                                  }
                                }
                              }
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "size": 0,
  "fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    }
  ],
  "script_fields": {},
  "stored_fields": [
    "*"
  ],
  "runtime_mappings": {},
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [],
      "should": [],
      "must_not": []
    }
  }
}

And you will get the same error reported in the Inspect panel on the Response tab.

So this is likely hitting a limit in the number of nested aggregations that you can send to Elasticsearch.

Why do you want to create a table that way? You can save a search in Discover with all the fields enabled and then add it to a dashboard like this:

image
image1307×852 32.7 KB

Does this help?

3

Thanks! Works like a charm!

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.