Get aggregation result used by a Kibana visualization from ElasticSearch

91pavan · August 19, 2015, 6:39am

Hi. I have a Kibana visualization doing some nested aggregation. I want to get the raw data which Kibana uses to graph this visualization.

Here's the visState:

{
  "type": "histogram",
  "params": {
    "shareYAxis": true,
    "addTooltip": true,
    "addLegend": true,
    "mode": "grouped",
    "defaultYExtents": false
  },
  "aggs": [
    {
      "id": "1",
      "type": "avg",
      "schema": "metric",
      "params": {
        "field": "throughput"
      }
    },
    {
      "id": "2",
      "type": "terms",
      "schema": "segment",
      "params": {
        "field": "packetSize",
        "size": 50,
        "order": "asc",
        "orderBy": "1"
      }
    },
    {
      "id": "3",
      "type": "filters",
      "schema": "group",
      "params": {
        "filters": [
          {
            "input": {
              "query": {
                "query_string": {
                  "query": "loss:\"0\" AND bestOrWorst:\"worst\"",
                  "analyze_wildcard": true
                }
              }
            }
          },
          {
            "input": {
              "query": {
                "query_string": {
                  "query": "loss:\"0\" AND bestOrWorst:\"best\"",
                  "analyze_wildcard": true
                }
              }
            }
          },
          {
            "input": {
              "query": {
                "query_string": {
                  "query": "loss:\"0.01\" AND bestOrWorst:\"worst\"",
                  "analyze_wildcard": true
                }
              }
            }
          },
          {
            "input": {
              "query": {
                "query_string": {
                  "query": "loss:\"0.01\" AND bestOrWorst:\"best\"",
                  "analyze_wildcard": true
                }
              }
            }
          }
        ]
      }
    }
  ],
  "listeners": {}
}

Here's the kibanaSavedObjectMeta.searchSourceJSON:

{
  "index": "logstash-*",
  "query": {
    "query_string": {
      "query": "*",
      "analyze_wildcard": true
    }
  },
  "filter": []
}

I tried querying this from ES, but keep getting all sort of errors.
Query: http://pastebin.com/RChEDLuU

Any help, please? Much appreciated.

colings86 · August 19, 2015, 8:23am

What error(s) are you getting?

Also, why are you adding "size": 100000 to the request? This is probably the source of your issue as deep pagination is not a good idea as described in this section of the 'Elasticsearch: The Definitive Guide' book: https://www.elastic.co/guide/en/elasticsearch/guide/current/pagination.html