How to visualize aggregation


(Jakub Palka) #1

Hi there

I am currently working on an experimental project to monitor the logs from remote devices. As part of that the devices report the software version they currently run on. What I need is a dashboard to display, as a pie chart, the distribution of software versions across the devices' install base.

I managed to compose the DSL query that gives me the latest record per device serial number containing the message with the version number using aggregations:

{
  "size": 0,
  "query": {
    "match_phrase": {
      "Message": "Assembly Version"
    }
  },
  "aggs": {
    "SerialNumbers": {
      "terms": {
        "field": "SerialNumber.keyword",
        "size": 100
      },
      "aggs": {
        "LatestRecord": {
          "top_hits": {
            "size": 1,
            "sort": [
              {
                "TimeStamp": {
                  "order": "desc"
                }
              }
            ]
          }
        }
      }
    }
  }
}

Now, that works fine in the Dev Tools tab, but how can I turn it into a saved search, and how do I do it in a way that it is actually the aggregation section that is returned as the result, not the documents that took part in the "match" section? Is there any way to visualize the aggregation results at all?


(Chris Roberson) #2

Hi @Palkos,

You should be able to make a Saved Search matching the phrase Assembly Version. Then, make a visualization using that saved search with a configuration something like:


(Jakub Palka) #3

Hi Chris,

Thanks for the response. Unless I misunderstood something, I have a suspicion that would only work if my index contained only the latest software version records. But my index contains the entire timeline of logs, so I use the aggregation as per the query above to find the latest log per device serial number that contains the "Assembly Version" phrase. And I need to visualize the output of that.

Any hints?
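As an added example (not code from the thread or from Elastic), the script below reduces the response of the query above to the per-version device counts a pie chart needs, walking the `aggregations.SerialNumbers.buckets[].LatestRecord.hits.hits[0]` path that a terms/top_hits response has. The message format "Assembly Version: x.y.z", the serial numbers and the sample response are assumptions constructed for the example.

```python
import re
from collections import Counter

# The same query the first post uses: latest "Assembly Version" record per device.
LATEST_VERSION_QUERY = {
    "size": 0,
    "query": {"match_phrase": {"Message": "Assembly Version"}},
    "aggs": {
        "SerialNumbers": {
            "terms": {"field": "SerialNumber.keyword", "size": 100},
            "aggs": {"LatestRecord": {"top_hits": {
                "size": 1, "sort": [{"TimeStamp": {"order": "desc"}}]}}},
        }
    },
}

# Assumed message format (the thread does not show it): "Assembly Version: 1.2.3".
VERSION_RE = re.compile(r"Assembly Version:?\s*([\w.\-]+)")


def version_distribution(response):
    """Map each software version to the number of devices whose LATEST report carries it.

    Each terms bucket is one serial number; its top_hits holds the newest document,
    so every device is counted exactly once regardless of how many logs it has sent.
    """
    counts = Counter()
    for bucket in response["aggregations"]["SerialNumbers"]["buckets"]:
        hits = bucket["LatestRecord"]["hits"]["hits"]
        if not hits:          # defensive: a bucket with no top hit contributes nothing
            continue
        match = VERSION_RE.search(hits[0]["_source"].get("Message", ""))
        counts[match.group(1) if match else "unknown"] += 1
    return dict(counts)


def pie_chart_rows(response):
    """Rows for a pie chart: (version, device_count, percent), largest slice first."""
    dist = version_distribution(response)
    total = sum(dist.values()) or 1
    return [(v, n, round(100 * n / total, 1))
            for v, n in sorted(dist.items(), key=lambda kv: -kv[1])]


def _bucket(serial, message):
    # Shape Elasticsearch returns for a terms bucket holding a top_hits sub-aggregation.
    return {"key": serial, "doc_count": 1, "LatestRecord": {"hits": {"hits": [
        {"_source": {"SerialNumber": serial, "Message": message}}]}}}


# Constructed sample response (not real data): four devices, one latest report each.
SAMPLE_RESPONSE = {"aggregations": {"SerialNumbers": {"buckets": [
    _bucket("SN-0001", "Assembly Version: 2.1.0"),
    _bucket("SN-0002", "Assembly Version: 2.1.0"),
    _bucket("SN-0003", "Assembly Version: 2.0.4"),
    _bucket("SN-0004", "Assembly Version 1.9.8"),
]}}}
```

The same reduction can be applied to the JSON the Dev Tools tab returns, or to the result of sending `LATEST_VERSION_QUERY` with a client; the rows can then be fed to any charting library.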


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.