Help with aggregation query

Elastic Stack Elasticsearch
1

I've been trying to create a query to use with the API to match what I've configured in Kibana as shown in this screen cap, but without luck. I'm able to create a query, but not sure how to incorporate aggs into it. Can someone lead me down the right path? My query so far:

curl  -s -XGET  "http://localhost:9200/logstash-*/_search?pretty" -H 'Content-Type: application/json' -d'
  {
    "_source": [
     "cookie_blah"
   ],
    "from": 0,
     "query": {
      "bool": {
        "must": [
          {
            "range": {
              "@timestamp": {
                "gte": "now-4h",
                "lt": "now"
              }
            }
          },
          {
            "term": {
              "vhost": "blah.blah.com"
            }
          },
			 {
          "exists": {
              "field": "cookie_blah"
				  }
          },
          {
            "query_string": {
              "fields": [
                "request"
              ],
              "query": "\\/blah/blah/blah",
              "analyzer": "keyword"
            }
          }
        ]
      }
    },
    "size": 10000
  }'

From Kibana: (I basically want the top 50 values and counts for the "cookie_blah" field.)

32%20PM
Screen Shot 2019-10-22 at 2.52.32 PM.png359×916 32.9 KB

Thanks!

2

You should be able to inspect the query for whatever viz you have. What version of Kibana are you using?

3

Thanks, version 5.6....

4

kibanaquery
kibanaquery.gif1270×586 1.24 MB

5

That's beautiful! Thanks Glen :slight_smile:

--Chris

1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.