How to visualize a customized aggregation in Kibana4?

Elastic Stack Kibana
1

I am using elasticsearch 2.3.5 and Kibana 4.5.4. I have an index which gives me information of events, and the duration of them, with the following schema:

   "_index": "test",
    "_type": "sometype",
    "_id": "754ddb03404f69603b4e3b494df286446850a77a",
    "_source": {
       "@version": "1",
       "@timestamp": "2014-12-31T23:00:00.000Z",
       "Eventtype": "typeA",
       "Qty": 1,
       "Duration": 50.669166682

I am tryng to build a visualization that allows me identifying the maximum number of events ocurring at the same time, per day. To achieve that, i have built an aggregation query that samples the number of events every 5 minutes (sum of Qty), and, on a daily basis, calculates which is the max bucket for that day, so it tells me, for every day, what was the maximum number of events running at the same time. Finally, I calculate was was the all-time maximum occurrence. Additionally, the aggregation query is built to provide this information per Eventtype (yes, it's a heavy query)

The aggregation query looks like this:

   POST /test/sometype/_search
   {
     "size" : 0,
     "aggs" : {
      "Events_top5" : {
               "terms" : {
               "field" : "Eventtype",
               "size" : 5,
               "collect_mode" : "breadth_first"
           },
           "aggs" : {
               "reqs_by_1d" : {
                   "date_histogram" : {
                       "field" : "@timestamp",
                       "interval" : "1d"
                   },
                   "aggs" : {
                       "reqs_by_5m" : {
                           "date_histogram" : {
                               "field" : "@timestamp",
                               "interval" : "5m"
                           },
                           "aggs":{
                               "num_reqs_5m": {
                                   "sum": {
                                       "field": "Qty"
                                   }
                               }
                           }                
                       },
                       "max_reqs_1d": {
                           "max_bucket": {
                               "buckets_path": "reqs_by_5m>num_reqs_5m"
                           }
                       }
                   }
               },
               "max_conc_reqs": {
                   "max_bucket": {
                       "buckets_path": "reqs_by_1d>max_reqs_1d"
                   }
               }
           }
      }
     }
   }

I am being able to run this aggregation query against elasticsearch directly, using Sense, and it works. I have been trying to visualize this same aggregation query with Kibana, but I just don't know how to achieve it, despite going through the documentation (I am rather newbie).

Could you please help me with that?
Is it possible to set up a bar chart visualization to displays the Max daily concurrent events per event type?
If that is not possible, is there an alternative mechanism to achieve something similar?

Thanks in advance

1 Like
2

As far as i know you can't build visualization like that in kibana, at least not until pipeline aggregations are supported. Maybe you could do it with timelion ?

after looking into this a bit more i have a feeling this is not possible in timelion either ... but i will check more and update you on my findings.

1 Like