How to post json query in Discover

I have composed the following query in the dev tools, and when I try to copy the json portion after the search, I just get an error message. Any thoughts on how I should paste the query in the discover tool?

Thanks,
gthang

   POST stats-m-mms-daily/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gt": "now-5s",
        "lt": "now"
      }
    }
  },
  "size": 0,
  "aggs": {
    "cloud": {
      "terms": {
        "field": "groupName"
      },
      "aggs": {
        "instance": {
          "terms": {
            "field": "instance",
            "size": 1
          },
          "aggs": {
            "totalQuotesReq": {
              "sum": {
                "field": "CustomStats_totalQuotesReq"
              }
            }
          }
        }
      }
    }
  }
}

In recent versions of Kibana you can do so like the following; however, we don't support specifying aggregations via the filter bar:

add-free-text-filter.gif1023×549 81.3 KB

Thank you for your response, what's the best way to add aggregations other than in the dev tool?

gthang

@gthang Discover is based around executing searches against Elasticsearch, and isn't aggregation based. Visualizations are all aggregation based, so if you're looking for the result of your aggregations in tabular format, I'd suggest using the Data Table Visualization. You'll have to use the Visualization "Editor" to create the equivalent of your aggregations, you unfortunately can't paste a raw aggregation query in JSON into Visualize.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.