How do I post an aggregation to an index?

Motez_Musa · March 2, 2018, 10:10pm

I'm fairly new to elasticsearch (v2.4.6), but I'm building some basic visualizations on Kibana (v4.6.4) using some existing indices that log cpu usage data. I can run the following aggregation and get the results via a curl command

curl -X GET -u a {https://xyz....2/index1/_search?pretty=true} -d '{
  "size": 0,
  "aggs": {
    "events_by_host": {
      "terms": {
        "field": "cell_host_the_app"
      },
      "aggs": {
        "events_by_date": {
          "date_histogram": {
            "field": "time_stamp",
            "interval": "30m"
          },
          "aggs": {
            "total_cpu": {
              "sum": {
                "field": "cpu_usgae_percentage"
              }
            },
            "max_cpu": {
              "max": {
                "field": "cpu_usgae_percentage"
              }
            }
          }
        },
        "max_aggregated_cpu": {
          "max_bucket": {
            "buckets_path": "events_by_date>total_cpu"
          }
        }
      }
    }
  }
}' -k

However, I can not figure out how to post this aggregation to elasticsearch so I can use the results from this aggregation in a visualization.

shanec · March 2, 2018, 11:15pm

What you really should look at doing is upgrading your Kibana (and thus also Elasticsearch). Kibana has since added support for pipeline aggregations (the max_bucket) thing so you can build a visualization like this:

Motez_Musa · March 7, 2018, 6:05pm

Is there any other course of action I can take if upgrading isn't an option?

shanec · March 7, 2018, 6:54pm

You could potentially try to use the JSON Input feature of Kibana (under the "Advanced" section of the buckets) but I'd strongly recommend upgrading instead.

system · April 4, 2018, 6:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.