Help with aggregation query

Chris_Stone · October 22, 2019, 10:17pm

I've been trying to create a query to use with the API to match what I've configured in Kibana as shown in this screen cap, but without luck. I'm able to create a query, but not sure how to incorporate aggs into it. Can someone lead me down the right path? My query so far:

curl  -s -XGET  "http://localhost:9200/logstash-*/_search?pretty" -H 'Content-Type: application/json' -d'
  {
    "_source": [
     "cookie_blah"
   ],
    "from": 0,
     "query": {
      "bool": {
        "must": [
          {
            "range": {
              "@timestamp": {
                "gte": "now-4h",
                "lt": "now"
              }
            }
          },
          {
            "term": {
              "vhost": "blah.blah.com"
            }
          },
			 {
          "exists": {
              "field": "cookie_blah"
				  }
          },
          {
            "query_string": {
              "fields": [
                "request"
              ],
              "query": "\\/blah/blah/blah",
              "analyzer": "keyword"
            }
          }
        ]
      }
    },
    "size": 10000
  }'

From Kibana: (I basically want the top 50 values and counts for the "cookie_blah" field.)

Thanks!

Glen_Smith · October 23, 2019, 1:31am

You should be able to inspect the query for whatever viz you have. What version of Kibana are you using?

Chris_Stone · October 23, 2019, 2:03am

Thanks, version 5.6....

Glen_Smith · October 23, 2019, 2:11am

Chris_Stone · October 23, 2019, 3:42pm

That's beautiful! Thanks Glen

--Chris

system · November 20, 2019, 3:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.