Get extra fields at `xpack` vertices

dbenatia · November 12, 2019, 7:43am

Hello all , i am using elasticsearch v5.6 with an "xpack" license, i am doing a request to //_xpack/_graph/_explore as shown in the docs.
the response is vertices and connections as expected. is there any way to add an "extra" field except the one pointed out in
"vertices": [ { "field": "field1" } ]

???

Mark_Harwood · November 12, 2019, 10:56am

Hi @dbenatia

No, the field choice used here is to uniquely identify each of the vertices in the graph.
The graph API is primarily about discovery of the IDs of interest. To fill-in details about the entities behind these IDs you can then use a search and the aggregations framework to gather as much or as little as you need.
For example, having discovered email addresses mitch, chris and kay are connected you might then want to find out about when communications occurred. You can issue a follow-up query using the adjacency_matrix aggregation with a date_histogram aggregation to get a break down of when each of these email addresses interacted as follows:

{
	"size": 0,
	"query": {
		"terms": {
			"participants": ["kay@enron.com", "mitch@enron.com", "chris@enron.com"]
		}
	},
	"aggs": {
		"date": {
			"date_histogram": {
				"field": "Date",
				"interval": "1d"
			},
			"aggs": {
				"matrix": {
					"adjacency_matrix": {
						"filters": {
							"mitch": {
								"term": {
									"participants": "mitch@enron.com"
								}
							},
							"chris": {
								"term": {
									"participants": "chris@enron.com"
								}
							},
							"kay": {
								"term": {
									"participants": "kay@enron.com"
								}
							}
						}
					}
				}
			}
		}
	}
}

This would give you the all the data to draw out details of interactions over time like this:

If this were financial data you could also throw in a sum aggregation to size circles/lines by the amounts of money transferred.

In your case if you simply want to pull in some reference data like a label to go along with a vertices' ID number you might want to use a terms aggregation in a follow-up query. To avoid doing this in Graph and elsewhere I often find it is useful to index single terms that are a combination of an ID and a label e.g "John Smith [64374354]". This means that we have uniquely identified entities with readable labels that are useful in Kibana.

dbenatia · November 13, 2019, 8:40am

thank you for the quick response, is there a detailed doc on aggs ?

Mark_Harwood · November 13, 2019, 9:28am

The api docs have all the detail.
This blog offers some background

dbenatia · November 13, 2019, 10:19am

Alright, thank you for the help .

system · December 11, 2019, 10:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.