From dev tools to Kibana search

Request

GET /jmetrer_test_exec-*/_search?size=0
{
    "aggs" : {
        "sales_over_time" : {
            "date_histogram" : {
                "field" : "@timestamp",
                "format":"yyyy-MM-dd HH:mm:ss",
                "fixed_interval":"1s"
            }
        }
    }
}

Response

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "sales_over_time" : {
      "buckets" : [
        {
          "key_as_string" : "2019-09-10 13:18:43",
          "key" : 1568121523000,
          "doc_count" : 1
        },
        {
          "key_as_string" : "2019-09-10 13:18:44",
          "key" : 1568121524000,
          "doc_count" : 8
        },
        {
          "key_as_string" : "2019-09-10 13:18:45",
          "key" : 1568121525000,
          "doc_count" : 21
        },
        {
          "key_as_string" : "2019-09-10 13:18:46",
          "key" : 1568121526000,
          "doc_count" : 34
        },
        {
          "key_as_string" : "2019-09-10 13:18:47",
          "key" : 1568121527000,
          "doc_count" : 57
        },
        {
          "key_as_string" : "2019-09-10 13:18:48",
          "key" : 1568121528000,
          "doc_count" : 66
        },
        {
          "key_as_string" : "2019-09-10 13:18:49",
          "key" : 1568121529000,
          "doc_count" : 75
        },
        {
          "key_as_string" : "2019-09-10 13:18:50",
          "key" : 1568121530000,
          "doc_count" : 78
        },
        {
          "key_as_string" : "2019-09-10 13:18:51",
          "key" : 1568121531000,
          "doc_count" : 96
        },
        {
          "key_as_string" : "2019-09-10 13:18:52",
          "key" : 1568121532000,
          "doc_count" : 99
        },
        {
          "key_as_string" : "2019-09-10 13:18:53",
          "key" : 1568121533000,
          "doc_count" : 112
        },
        {
          "key_as_string" : "2019-09-10 13:18:54",
          "key" : 1568121534000,
          "doc_count" : 92
        },
        {
          "key_as_string" : "2019-09-10 13:18:55",
          "key" : 1568121535000,
          "doc_count" : 97
        },
        {
          "key_as_string" : "2019-09-10 13:18:56",
          "key" : 1568121536000,
          "doc_count" : 105
        },
        {
          "key_as_string" : "2019-09-10 13:18:57",
          "key" : 1568121537000,
          "doc_count" : 105
        },
        {
          "key_as_string" : "2019-09-10 13:18:58",
          "key" : 1568121538000,
          "doc_count" : 85
        },
        {
          "key_as_string" : "2019-09-10 13:18:59",
          "key" : 1568121539000,
          "doc_count" : 52
        },
        {
          "key_as_string" : "2019-09-10 13:19:00",
          "key" : 1568121540000,
          "doc_count" : 78
        },
        {
          "key_as_string" : "2019-09-10 13:19:01",
          "key" : 1568121541000,
          "doc_count" : 49
        },
        {
          "key_as_string" : "2019-09-10 13:19:02",
          "key" : 1568121542000,
          "doc_count" : 37
        },
        {
          "key_as_string" : "2019-09-10 13:19:03",
          "key" : 1568121543000,
          "doc_count" : 55
        },
        {
          "key_as_string" : "2019-09-10 13:19:04",
          "key" : 1568121544000,
          "doc_count" : 55
        },
        {
          "key_as_string" : "2019-09-10 13:19:05",
          "key" : 1568121545000,
          "doc_count" : 57
        },
        {
          "key_as_string" : "2019-09-10 13:19:06",
          "key" : 1568121546000,
          "doc_count" : 72
        }, ...

Hello everybody,
I ran this query from Dev Tools in Kibana. How can I run it in the search part so that I could just save the search and draw a visualisation using Time Series Visual Builder?

Thanks in advance!!

Hi there!

Saved searches in Kibana are used for saving filters, so that's not quite what you want here.

To build a chart with this type of aggregation, follow these steps:

  • Create a new TSVB visualization
  • Under Metrics > Aggregation, choose "Count" (should be the default)
  • Under Options > Override Index Pattern, choose "Yes"
  • Enter "jmetrer_test_exec-*" into the "Index pattern" field
  • Select "@timestamp" from the "Time Field" dropdown
  • Enter "1s" into the "Interval" field

I don't believe there is a way to share this aggregation across visualizations since it's a specific query, but this should give you a graph of the same results you are retrieving in Dev Tools.
