How to build charts from Elasticsearch query

I have a command which is able to run in Elasticsearch following something similar to Moving average aggregation | Elasticsearch Guide [8.11] | Elastic

GET linux_cpu*/_search?search_type=count
{
  "aggs": {
    "my_date_histo": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day"
      },
      "aggs": {
        "the_sum": {
          "avg": {
            "field": "CPU(%)"
          }
        },
        "the_movavg": {
          "moving_avg": {
            "bucketsPath": "the_sum",
            "window": 90,
            "model": "holt_winters",
            "settings": {
              "type": "add",
              "alpha": 0.8,
              "beta": 0.2,
              "gamma": 0.7,
              "period": 30
            },
            "predict": 30
          }
        }
      }
    }
  }
}

However, I don't know how I can generate a graph based on the query. Could anyone help with this?

Hi @Kennedy_Kan1,

that is out of scope of Elasticsearch and it depends entirely on your use case. A popular option is to use Kibana for that, but you could also use the R connector and visualize your data there, write custom application logic, etc.

Daniel

Hi @danielmitterdorfer,

Thanks for your replies. However, as seen from the html, it did output some graph. I have captured one here.

How should I be able to do that?

I have already tried to use Timelion with the moving average function, but it seems it could not give something even similar.

Hi @Kennedy_Kan1,

it seems I have misunderstood your question. I thought you wanted to know how to generate charts at all based on a query result. I think your question is better suited for the Kibana forum if you already use Kibana. Could you post your question there?

Daniel

Hi @danielmitterdorfer,

Sure. However, it seems that this function is used as an ES query but not as a Kibana query. Therefore, I thought there are some packages to generate the graph for a special query. How is it possible to make ES ship this query to Kibana?

Hi @Kennedy_Kan1,

it is actually the other way around. When you create a visualization in Kibana, you build an Elasticsearch query which Kibana issues against Elasticsearch and then visualizes the results. So, you don't start with an Elasticsearch query, but with a visualization and build the query via the Kibana UI.

Daniel

Hi @danielmitterdorfer,

Thanks for clarifying my misunderstanding. Nevertheless, I have some questions about my queries in ES.

As stated in the question about my query, I wish to predict 30 days of data. I have data input from 2014-12-31 to 2015-05-31, a record of the CPU value on a 15-second basis, and I use day as the interval in the ES query.
However, when I go through the dates starting from 2015-06-01, it gives me the following:

    {
      "key_as_string": "2015-05-30T00:00:00.000Z",
      "key": 1432944000000,
      "doc_count": 96,
      "the_sum": {
        "value": 5
      },
      "the_movavg": {
        "value": 4.789703098153141
      }
    },
    {
      "key_as_string": "2015-06-01T00:00:00.000Z",
      "key": 1433116800000,
      "doc_count": 0,
      "the_sum": {
        "value": null
      }
    },
    {
      "key_as_string": "2015-06-02T00:00:00.000Z",
      "key": 1433203200000,
      "doc_count": 0,
      "the_sum": {
        "value": null
      }
    },

Is that an error or is that normal for ES?
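For the "custom application logic" route mentioned earlier in the thread, here is an added example (not part of the original posts) that flattens the buckets of this response into series a charting library can plot. It assumes the usual response envelope `aggregations.my_date_histo.buckets`; the sample input is constructed from the two bucket shapes shown above, and the helper names are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample: bucket shapes copied from the response in the post above
# (one bucket with data, one empty bucket that has no "the_movavg" key).
SAMPLE_RESPONSE = json.loads("""
{"aggregations": {"my_date_histo": {"buckets": [
  {"key_as_string": "2015-05-30T00:00:00.000Z", "key": 1432944000000, "doc_count": 96,
   "the_sum": {"value": 5}, "the_movavg": {"value": 4.789703098153141}},
  {"key_as_string": "2015-06-01T00:00:00.000Z", "key": 1433116800000, "doc_count": 0,
   "the_sum": {"value": null}}
]}}}
""")

def metric(bucket, name):
    """Return bucket[name]["value"], or None when the key is absent or null."""
    return (bucket.get(name) or {}).get("value")

def buckets_to_series(response, histo="my_date_histo",
                      metrics=("the_sum", "the_movavg")):
    """Flatten date_histogram buckets into rows: (date, doc_count, {metric: value})."""
    rows = []
    for b in response["aggregations"][histo]["buckets"]:
        # "key" is the bucket start in epoch milliseconds (UTC).
        day = datetime.fromtimestamp(b["key"] / 1000, tz=timezone.utc).date()
        rows.append((day, b["doc_count"], {m: metric(b, m) for m in metrics}))
    return rows

def plottable(rows, name):
    """x/y lists for one line, skipping buckets where the metric has no value."""
    pts = [(d, vals[name]) for d, _, vals in rows if vals[name] is not None]
    return [d for d, _ in pts], [v for _, v in pts]

def empty_buckets(rows):
    """Dates of buckets that matched no documents (doc_count == 0)."""
    return [d for d, n, _ in rows if n == 0]

if __name__ == "__main__":
    rows = buckets_to_series(SAMPLE_RESPONSE)
    for name in ("the_sum", "the_movavg"):
        xs, ys = plottable(rows, name)
        print(name, list(zip(map(str, xs), ys)))
    print("empty:", [str(d) for d in empty_buckets(rows)])
```

The x/y lists returned by `plottable` can be passed directly to a plotting call, one line per metric.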

Hi,

bear with me. I'll need a bit of time to check this.

Daniel

This directly relates to How to use Kibana to run Elasticsearch query?.

Given you already have a thread open on this topic, let's keep the conversation there please :slight_smile: