Create Kibana dashboard has problems

Hello discuss.elastic.co,

My name is Bogdan Oproescu, and I am senior data architect for EasyDO Technologies in Bucharest. I am leading our Elastic projects and technology at EasyDO, and we currently have the following issue:

  1. we create several DSL queries that we suit to our specific needs for reporting.
  2. we then go to Kibana --> create new dashboard, and we would like to create this new dashboard, on the basis of each of our DSL queries.
  3. however, what we find instead, is that the Kibana interface for creating dashboards, actually modifies the initial DSL queries that we need to use!
    3.1. what actually happens, is that on the right-side lower part of the page, Kibana still respects the Count aggregation by default, and there is no way that we know, to disable all of the aggregations in the Metrics block there, and let our DSL queries run the way that we wrote them!
    3.2. so it appears that our initial DSL queries are always modified by this Kibana dashboard interface, even when we use the Lucene == Query DSL type, as is documented on your site!
    3.3. my question is therefore: how can we make Kibana not modify our DSL queries, with these default aggregation types, and just run our DSL queries as they are: please confirm this to us, this is an important issue that we need to resolve quickly!

thanks in advance, Bogdan

Hi Bogdan- I am not sure I understand what your issue is. Kibana doesn't modify your DSL queries, but it does add a time filter when your Kibana index pattern has a "primary time field". Is the time filter the thing you are asking about?

Hi Bogdan,
Are you creating your DSL queries in Discover and saving those saved searches, and then adding those to a dashboard?

Regards,
Lee

hi Wylie, thanks for taking the time to respond: OK good to know that Kibana doesn't modify our DSL queries, but from our experience it did modify them. For example, as I wrote earlier, what actually happens, is that on the right-side lower part of the page, Kibana still respects the Count aggregation by default, and there is no way that we know, to disable all of the aggregations in the Metrics block there, and let our DSL queries run the way that we wrote them!

and secondly Wylie, I don't know if our Kibana index pattern has a primary time field: I will post it to this reply so you can see for yourself if it has or not:

    {
      "mappings": {
        "access_log": {
          "properties": {
            "@timestamp": {
              "type": "date"
            },
            "@version": {
              "type": "text",
              "fields": {
                "keyword": {
                  "type": "keyword",
                  "ignore_above": 256
                }
              }
            },
            "accessdeniedreason": {
              "type": "text",
              "fields": {
                "keyword": {
                  "type": "keyword",
                  "ignore_above": 256
                }
              }
            },
            "accesspermited": {
              "type": "boolean"
            },
            "accesstime": {
              "type": "date"
            },
            "controllerid": {
              "type": "long"
            },
            "direction": {
              "type": "long"
            },
            "employeeid": {
              "type": "long"
            },
            "employeetagid": {
              "type": "long"
            },
            "facecaptureid": {
              "type": "long"
            },
            "id": {
              "type": "long"
            },
            "tagcode": {
              "type": "text",
              "fields": {
                "keyword": {
                  "type": "keyword",
                  "ignore_above": 256
                }
              }
            },
            "tagtype": {
              "type": "long"
            },
            "terminalid": {
              "type": "long"
            }
          }
        }
      }
    }

hi Lee, thanks for responding: yes, we are creating our DSL queries in the Kibana dev_tools console, and then trying to use these same DSL queries (unmodified!) to create Kibana dashboards: good guess! But the point is, that something strange happens to our DSL queries in this process, and they get completely messed up!
Once again, we need to create visualizations based 100% on our DSL queries!
thanks, Bogdan

It sounds like your complaint is that you are getting aggregated data, not individual documents. Here are your options:

  1. To see individual documents in a dashboard, you can save your Discover search and add it to a dashboard. You can add filters only.

  2. To use the full query DSL by typing JSON, then you need to use Vega
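
An added example (not part of the original posts) of the Vega option, using field names from the mapping posted in this thread: the `body` is sent to Elasticsearch as typed, with no metric aggregation added, and the dashboard time range is applied only where the `%timefilter%` placeholder appears. The index pattern `access-log-*`, the result size and the chart encoding are assumptions.

```hjson
{
  // Added example, not from the thread. Paste into a Vega visualization in Kibana.
  "$schema": "https://vega.github.io/schema/vega-lite/v4.json",
  "title": "Denied access events per terminal (individual documents)",
  "data": {
    "url": {
      // Assumed index pattern; replace with the index that holds the access_log documents.
      "index": "access-log-*",
      "body": {
        // Return raw hits, newest first. No aggregation is injected by Kibana.
        "size": 500,
        "_source": ["accesstime", "terminalid", "employeeid", "accessdeniedreason"],
        "sort": [{ "accesstime": "desc" }],
        "query": {
          "bool": {
            "filter": [
              { "term": { "accesspermited": false } },
              // Kibana expands %timefilter% to the dashboard time range.
              // Remove this clause to run the query with no time restriction.
              { "range": { "accesstime": { "%timefilter%": true } } }
            ]
          }
        }
      }
    },
    // Use the array of documents, not the whole search response.
    "format": { "property": "hits.hits" }
  },
  "transform": [
    // Flatten the _source fields the chart uses.
    { "calculate": "toDate(datum._source.accesstime)", "as": "time" },
    { "calculate": "datum._source.terminalid", "as": "terminal" },
    { "calculate": "datum._source.employeeid", "as": "employee" },
    { "calculate": "datum._source.accessdeniedreason", "as": "reason" }
  ],
  "mark": "point",
  "encoding": {
    "x": { "field": "time", "type": "temporal", "title": "accesstime" },
    "y": { "field": "terminal", "type": "nominal", "title": "terminalid" },
    "color": { "field": "reason", "type": "nominal", "title": "accessdeniedreason" },
    "tooltip": [
      { "field": "employee", "type": "nominal" },
      { "field": "reason", "type": "nominal" }
    ]
  }
}
```

Each point is one document returned by the query, so the result can be compared directly with the same request body run in the Dev Tools console.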

Hello Wylie,
thanks for your reply: yes, I think the problem is that we are getting aggregated data, and not individual documents.
Can you please describe in more detail your points 1 and 2 below:

  1. To see individual documents in a dashboard, you can save your Discover search and add it to a dashboard. You can add filters only. Bogdan: can you provide an example of this, and what exactly do you mean by filters?
  2. To use the full query DSL by typing JSON, then you need to use Vega Bogdan: we have never used Vega until now, and from an article I read yesterday on this, it says this:

When you first open the Vega editor in Kibana, you will see a pre-populated line chart which shows the total number of documents across all your indices within the time range.

but we cannot find this Vega editor in Kibana anywhere: do we need to install it separately? please confirm the above questions so we can progress further on this topic!
thanks in advance, Bogdan

To read about how to use Discover, including saving a search from discover, you can read the docs. https://www.elastic.co/guide/en/kibana/current/discover.html

Vega is part of Visualize. It is GA in 7.10, but before this time it was hidden if you have changed the Kibana setting visualize:enableLabs.

hi Wylie, thanks for your posts earlier on this issue: we have noted your points above, and therefore we will progress in 2 directions here:

  1. To read about how to use Discover, including saving a search from discover, you can read the docs. https://www.elastic.co/guide/en/kibana/current/discover.html and:
  2. we will also look at Vega, as you mentioned, to use the full query DSL by typing JSON.
    thanks again, and you can close this ticket now!
    greetings from Bucharest, Bogdan
