Hi,
I am getting the following error while running a cumulative sum in kibana? How can I resolve it?
[2018-11-30T17:22:51,686][DEBUG][o.e.a.s.TransportSearchAction] [szFHoO8] [winlogbeat-6.4.2-2018.11.27][2], node[szFHoO8fQPOBQxJ7Qq6yiA], [P], s[STARTED], a[id=KtS8mKcHSEKkMgy_t177UQ]: Failed to execute [SearchRequest{searchType=QUERY_THEN_FETCH, indices=[winlogbeat-], indicesOptions=IndicesOptions[ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_aliases_to_multiple_indices=true, forbid_closed_indices=true, ignore_aliases=false], types=[], routing='null', preference='1543578649246', requestCache=null, scroll=null, maxConcurrentShardRequests=5, batchedReduceSize=512, preFilterShardSize=64, allowPartialSearchResults=true, source={"size":0,"query":{"bool":{"must":[{"match_all":{"boost":1.0}},{"range":{"@timestamp":{"from":1542973971561,"to":1543578771561,"include_lower":true,"include_upper":true,"format":"epoch_millis","boost":1.0}}},{"match_phrase":{"event_data.NewProcessName":{"query":"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE","slop":0,"zero_terms_query":"NONE","boost":1.0}}}],"adjust_pure_negative":true,"boost":1.0}},"_source":{"includes":[],"excludes":[]},"stored_fields":"","docvalue_fields":[{"field":"@timestamp","format":"date_time"}],"script_fields":{},"aggregations":{"4-bucket":{"terms":{"field":"@timestamp","size":5,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":{"_key":"desc"}}},"4":{"min_bucket":{"buckets_path":["4-bucket>_count"],"gap_policy":"skip"}},"5":{"cumulative_sum":{"buckets_path":["4"]}}}}}] lastShard [true]
org.elasticsearch.transport.RemoteTransportException: [szFHoO8][127.0.0.1:9300][indices:data/read/search[phase/query]]
Caused by: java.lang.IllegalStateException: cumulative sum aggregation [5] must have a histogram or date_histogram as parent
The aggregation is as below:
!
