Cannot use percentile aggregation on custom double field

Elastic Stack Kibana
1

I added $request_time field to my Nginx access log without update the default mapping and used %{NUMBER:http.response.time:double} in Grok to parse it. I can use percentiles aggregation in DevTools on this field:

Screen Shot 2020-03-10 at 8.09.16 PM
Screen Shot 2020-03-10 at 8.09.16 PM2226×1218 290 KB

However, in bar chart visualization, I cannot use Range or Percentile in this field. I changed the aggregation to Term and figured out the Kibana see this field as String.

In addition, when I used TSVB, I still could apply Percentile on this field and now Kibana sees it as a number:

Screen Shot 2020-03-10 at 8.17.11 PM
Screen Shot 2020-03-10 at 8.17.11 PM2772×1356 328 KB

Does anybody know why I cannot use it with Percentile aggregation in Bar chart?
Thanks in advance.

2

Can you check the mapping and post it here? Kibana shouldn't really see a field as string if it's a numeric field in the mapping.

3

@Marius_Dragomir

I figured out that the currently supported number types for Grok are int and float. That's why when I used %{NUMBER:http.response.time:double} to parse the field, it got some problems at some points.
I changed the pattern to %{NUMBER:http.response.time:float} and it worked fine now.

Anyway, thank you very much for your response.

1 Like
4

Glad you got it all sorted out.

1 Like
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.