Display data in a Kibana table from an Elasticsearch query

Hi, I have an Elasticsearch query as follows:

GET default-2019.13/_search?size=0
{
"query": {
"match_all": {}
},
"aggs": {
"group": {
"terms": {
"field": "jobId.keyword",
"size": 3
},
"aggs": {
"group_docs": {
"top_hits": {
"size": 1,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}

The results of the above query are as follows:

{
"took" : 11,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"group" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 79110,
"buckets" : [
{
"key" : "4b976147-7463-4f3f-bff1-3841f1f92eef",
"doc_count" : 10764,
"group_docs" : {
"hits" : {
"total" : {
"value" : 10764,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "default-2019.13",
"_type" : "_doc",
"_id" : "YfaQDG8BpC-jBiiLGKw2",
"_score" : null,
"_source" : {
"jobId" : "4b976147-7463-4f3f-bff1-3841f1f92eef",
"fingerprint" : "a2fd3dc6-f309-47f8-ba3f-d87fea6a7e3d",
"machineName" : "RVRPARS4ABC19WD",
"tenantKey" : "27d1f088-1e52-4611-b90e-0d17007a5415",
"logType" : "Default",
"level" : "Trace",
"path" : "D:/aplikasi_kerja/logstash-7.4.2/default-2019-20_csv-export.csv",
"robotName" : "Robot3-dev",
"host" : "IGS-RYHN",
"@timestamp" : "2019-12-02T09:39:42.368Z",
"fileName" : "Jaro_Processing",
"machineId" : 6,
"logF_BusinessProcessName" : "Framework",
"processName" : "RoboticEnterpriseFramework",
"processVersion" : "1.0.0",
"message" : "Write Line Closed",
"@version" : "1",
"rawMessage" : "2019-12-02T09:39:42.3688078Z,Trace,Write Line Closed,0,Robot,,Default,a2fd3dc6-f309-47f8-ba3f-d87fea6a7e3d,RVRPARS4ABC19WD\Administrator,RVRPARS4ABC19WD,RoboticEnterpriseFramework,1.0.0,4b976147-7463-4f3f-bff1-3841f1f92eef,Robot3-dev,6,,,Jaro_Processing,Framework,27d1f088-1e52-4611-b90e-0d17007a5415",
"levelOrdinal" : 0,
"Source" : "Robot",
"windowsIdentity" : "RVRPARS4ABC19WD\Administrator"
},
"sort" : [
1575279582368
]
}
]
}
}
},
{
"key" : "ff20ef37-fcfc-425e-a5de-d9c4103949ab",
"doc_count" : 7963,
"group_docs" : {
"hits" : {
"total" : {
"value" : 7963,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "default-2019.13",
"_type" : "_doc",
"_id" : "S_aODG8BpC-jBiiLgicq",
"_score" : null,
"_source" : {
"jobId" : "ff20ef37-fcfc-425e-a5de-d9c4103949ab",
"fingerprint" : "fe1c97c5-2a9e-4758-b022-904da3ac31c2",
"machineName" : "RVRPARS4ABC19WD",
"tenantKey" : "27d1f088-1e52-4611-b90e-0d17007a5415",
"logType" : "Default",
"level" : "Trace",
"path" : "D:/aplikasi_kerja/logstash-7.4.2/default-2019-20_csv-export.csv",
"robotName" : "Robot3-dev",
"host" : "IGS-RYHN",
"@timestamp" : "2019-12-02T13:50:33.304Z",
"fileName" : "Jaro_Processing_Rules",
"machineId" : 6,
"logF_BusinessProcessName" : "Framework",
"processName" : "RoboticEnterpriseFramework",
"processVersion" : "1.0.0",
"message" : "Execute Query Faulted",
"@version" : "1",
"rawMessage" : "2019-12-02T13:50:33.3043824Z,Trace,Execute Query Faulted,0,Robot,,Default,fe1c97c5-2a9e-4758-b022-904da3ac31c2,RVRPARS4ABC19WD\Administrator,RVRPARS4ABC19WD,RoboticEnterpriseFramework,1.0.0,ff20ef37-fcfc-425e-a5de-d9c4103949ab,Robot3-dev,6,,,Jaro_Processing_Rules,Framework,27d1f088-1e52-4611-b90e-0d17007a5415",
"levelOrdinal" : 0,
"Source" : "Robot",
"windowsIdentity" : "RVRPARS4ABC19WD\Administrator"
},
"sort" : [
1575294633304
]
}
]
}
}
},
{
"key" : "5fe28a7a-558f-474d-b90e-d480b7fc36fe",
"doc_count" : 7617,
"group_docs" : {
"hits" : {
"total" : {
"value" : 7617,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "default-2019.13",
"_type" : "_doc",
"_id" : "8feSDG8BpC-jBiiLgXrD",
"_score" : null,
"_source" : {
"jobId" : "5fe28a7a-558f-474d-b90e-d480b7fc36fe",
"fingerprint" : "ca6d929f-fbff-4498-bf57-a5f6f35d19b3",
"machineName" : "RVRPARS4ABC19WD",
"tenantKey" : "27d1f088-1e52-4611-b90e-0d17007a5415",
"logType" : "Default",
"level" : "Info",
"path" : "D:/aplikasi_kerja/logstash-7.4.2/default-2019-20_csv-export.csv",
"robotName" : "Robot3-dev",
"host" : "IGS-RYHN",
"@timestamp" : "2019-12-03T02:09:27.938Z",
"fileName" : "Main",
"machineId" : 6,
"logF_BusinessProcessName" : "Framework",
"processName" : "RoboticEnterpriseFramework",
"totalExecutionTimeInSeconds" : 43219,
"processVersion" : "1.0.0",
"message" : "RoboticEnterpriseFramework execution ended",
"totalExecutionTime" : "12:00:19",
"@version" : "1",
"rawMessage" : "2019-12-03T02:09:27.9387254Z,Info,RoboticEnterpriseFramework execution ended,2,Robot,,Default,ca6d929f-fbff-4498-bf57-a5f6f35d19b3,RVRPARS4ABC19WD\Administrator,RVRPARS4ABC19WD,RoboticEnterpriseFramework,1.0.0,5fe28a7a-558f-474d-b90e-d480b7fc36fe,Robot3-dev,6,43219,12:00:19,Main,Framework,27d1f088-1e52-4611-b90e-0d17007a5415",
"levelOrdinal" : 2,
"Source" : "Robot",
"windowsIdentity" : "RVRPARS4ABC19WD\Administrator"
},
"sort" : [
1575338967938
]
}
]
}
}
}
]
}
}
}

Can the data from the aggregation query results above be displayed in the Kibana table visualization?

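Yes, you can use the terms aggregation in the Kibana table visualization. For the latest document per job (the `top_hits` part of the query), the table's Top Hit metric, sorted on `@timestamp` in descending order, shows one field of that document per metric column.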
