Elasticsearch query on kibana

luis.carvalho · March 3, 2016, 4:10pm

Hi,

I would like to know if it's possible in some way, to visualize the next Elasticsearch query on a kibana metric or chart? I tried using JSON input but without a good result, and I don't know if it's the correct way.

GET _search
{
   "query": {
    "match_all": {}
  },
  "aggs": {
     "per_day": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day"
      },
      "aggs": {
        "MISS_Sum": {
         "sum": {  "field": "MISS" }
        },
        "HTTP_Sum": {
          "sum" : {"field": "HTTP_Request"}
        },
        "Manifest_Sum": {
         "sum": { "field": "Manifest_Request"}
       },
       "m3u8_Sum": {
         "sum": {"field": "m3u8_Request"}
       },
        "Cache_MISS": {
         "bucket_script": {
            "buckets_path": {
              "miss_sum": "MISS_Sum",
              "http_sum": "HTTP_Sum",
              "manifest_sum": "Manifest_Sum",
              "m3u8_sum": "m3u8_Sum"
            },
            "script": "miss_sum / (http_sum - manifest_sum - m3u8_sum)"
         }
        }
      }
    }
  }
}

The goal is to show the Cache_MISS value.

Thanks.

tbragin · March 9, 2016, 5:26am

Kibana search bar does not accept query DSL aggregations - you'd have to build the aggregations using the vis builder in Visualize. Unfortunately, the bucket_script aggregation is not yet supported in Kibana Visualize (it's experimental in ES so we may not see it quite yet).

For what you're trying to accomplish, you may be able to do it using the Timelion Kibana plugin. It takes a different approach from pipeline aggs, but does do some more advanced time-series math. Have you tried it yet? If you do, we'd love your feedback here.

luis.carvalho · March 9, 2016, 11:08am

Thank you Tanya for your help. I'll try the Timelion plugin to do my time-series math. If it works, I'll be glad to post a feedback here.

Thanks again,

Luís Carvalho