How to write search queries in kibana using Query DSL for aggregation

Elastic Stack Kibana
1

I am working on ELK stack to process Apache access logs. Spent a lot of time understanding Query DSL format so that more complex queries can be written. Currently am facing issues with running the queries in kibana interface but the same queries work just fine when sent using curl from command line.

Kibana version: 4.1.0
Elasticsearch version: 1.6.0
Java: 1.8.0_45

Using curl(working):
curl -XGET http://localhost:9200/cars/transactions/_search?search_type=count -d '{
"aggs" : {
"colors" : {
"terms" : {
"field" : "color"
}}}}'
Used data from here.

Using kibana(not working):
{ "aggs" : { "colors" : { "terms" : { "field" : "color" } } } }

Error:
org.elasticsearch.index.query.QueryPassingException:[.kibana] No query registered for [aggs]

Below are some of the queries I manage to run successfully in kibana using Query DSL on apache access log data,

  1. {"filtered":{"filter":{"bool":{"must":{"terms":{"verb":["get"]}}}}}}
  2. {"filtered":{"filter":{"bool":{"must_not":{"terms":{"agent":["crawler","spider","nagios"]}}}}}}

Any help will be greatly appreciated. I have already searched google about it for hours but without luck. Thanks in advance.

1 Like
2

Only the query/filter part of the query DSL works in the Kibana search bar - it allows you to filter down the set of returned documents. To apply aggregations in Kibana, you have to use the visualization builder in the Visualize tab. Under the "buckets" section, look for the "terms" aggregation.

3

Thank you, I got that to work. :smile:

4

@bene_jo : Could you please help on the as how did you go about it? I am trying doing the same but was unable to do aggregation using below query.

{
"size": 0,
"query": {
"query_string": {
"query": "*",
"analyze_wildcard": true
}
},
"aggs": {
"1": {
"cardinality": {
"field": "item_titles.sku_id"
}
}
}
}

5

bene_jo even am facing the same issue,can you please help me out with this?