Create visualization using response from Search API

Kapila · December 9, 2020, 10:04am

Is it possible to create visualizations in Kibana using response received in SearchAPI in Dev Tools?

flash1293 · December 9, 2020, 12:20pm

The Kibana Vega integration is the right tool for this - it allways you to specify a search query and turn the response into a chart using the vega specification language.

Kapila · December 10, 2020, 10:10am

We are trying to create Vega visualization from response but facing an issue with collapse. Our API request use collapse to get latest record set but seems we cannot use collapse with Vega. Any idea?

flash1293 · December 10, 2020, 10:30am

Vega works with all search requests, you just have to make sure you are mapping the response object correctly to the chart. Can you share your vega spec?

Kapila · December 10, 2020, 10:49am

PFB Vega spec

{
  "$schema": "https://vega.github.io/schema/vega/v5.json",
  "width": 300,
  "height": 300,
  "autosize": "none",
  "description": "Demonstration",
  "data": [
    {
      "name": "table",
      "url": {
        "index": "demo*",
        "body": {
          "aggs": {
            "terms": {
              "terms": {"field": "Status.keyword", "min_doc_count": 0}
            }
          },
          "size": 0,
          "query": {
            "bool": {
              "must": [
                "%dashboard_context-must_clause%",
                {"range": {"@timestamp": {"%timefilter%": true}}}
              ],
              "must_not": ["%dashboard_context-must_not_clause%"],
              "filter": ["%dashboard_context-filter_clause%"]
            }
          },
		  "collapse" : {
			"field" : "ID.keyword" 
		  }
        }
      },
      "format": {"property": "aggregations.terms.buckets"},
      "transform": [{"type": "pie", "field": "doc_count"}]
    }
  ],
  "scales": [
    {
      "name": "color",
      "type": "ordinal",
      "domain": {"data": "table", "field": "key"},
      "range": {"scheme": "set1"}
    }
  ],
  "marks": [
    {
      "name": "sector",
      "type": "arc",
      "from": {"data": "table"},
      "encode": {
        "enter": {
          "fill": {"scale": "color", "field": "key"},
          "align": {"value": "center"},
          "baseline": {"value": "middle"},
          "x": {"signal": "width/2"},
          "y": {"signal": "height/2"}
        },
        "update": {
          "startAngle": {"field": "startAngle"},
          "endAngle": {"field": "endAngle"},
          "padAngle": {"signal": 0.02},
          "innerRadius": {"signal": 80},
          "outerRadius": {"signal": "200 / 2"},
          "cursor": {"value": "pointer"},
          "tooltip": {
            "signal": "{Status: datum.key, Count: datum.doc_count}"
          }
        }
      }
    }
  ]
}

flash1293 · December 10, 2020, 10:54am

collapse is a feature of document search, not aggregations. It seems like you are mixing both of these here. I think the right approach here is to use the top hits aggregation https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-top-hits-aggregation.html instead. Use it as a nested aggregation inside of terms. Also, you are using the doc_count field, how do you expect it to take ID.keyword into account.

The approach I recommend here:

Build your query in dev tools and make sure it's returning what you want
Think about how this data can be mapped to a chart
Go to vega and configure this mapping

Kapila · December 10, 2020, 11:04am

Thanks a lot Joe, will follow your approach and come back if we face any issue

system · January 7, 2021, 11:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.