How do I post an aggregation to an index?

I'm fairly new to Elasticsearch (v2.4.6), but I'm building some basic visualizations on Kibana (v4.6.4) using some existing indices that log CPU usage data. I can run the following aggregation and get the results via a curl command:

curl -X GET -u a {https://xyz....2/index1/_search?pretty=true} -d '{
  "size": 0,
  "aggs": {
    "events_by_host": {
      "terms": {
        "field": "cell_host_the_app"
      },
      "aggs": {
        "events_by_date": {
          "date_histogram": {
            "field": "time_stamp",
            "interval": "30m"
          },
          "aggs": {
            "total_cpu": {
              "sum": {
                "field": "cpu_usgae_percentage"
              }
            },
            "max_cpu": {
              "max": {
                "field": "cpu_usgae_percentage"
              }
            }
          }
        },
        "max_aggregated_cpu": {
          "max_bucket": {
            "buckets_path": "events_by_date>total_cpu"
          }
        }
      }
    }
  }
}' -k 

However, I cannot figure out how to post this aggregation to Elasticsearch so I can use the results from this aggregation in a visualization.

What you really should look at doing is upgrading your Kibana (and thus also Elasticsearch). Kibana has since added support for pipeline aggregations (the max_bucket thing), so you can build a visualization like this:

Is there any other course of action I can take if upgrading isn't an option?

You could potentially try to use the JSON Input feature of Kibana (under the "Advanced" section of the buckets) but I'd strongly recommend upgrading instead.
