Hi, I'm using Elasticsearch 8.12 and I'm trying to create a graph that shows "the most used query string parameters". I have a field in my index called "query" that has each possible value (query string parameter) as a property field keyword.
I aggregate the field "query" to count in how many documents they are present, like this:
{
  "size": 0,
  "aggs": {
    "A": {
      "value_count": {
        "field": "query.a.keyword"
      }
    },
    "B": {
      "value_count": {
        "field": "query.b.keyword"
      }
    },
    "C": {
      "value_count": {
        "field": "query.c.keyword"
      }
    }
  }
}
I can use "value_count" or "filter/exists" but in any case, the result is generated like a key/value object, not as a "buckets" array, as below:
"aggregations": {
  "A": {
    "value": 71537
  },
  "B": {
    "value": 77386
  },
  "C": {
    "value": 71827
  }
}
So I cannot figure out how I can show each of those values (A, B, C, etc.) in a graph. Is there a way to add multiple values to a graph axis?
Or maybe there is another way to query or even transform this (I've played around with the transform in Vega without success) into an array that can be shown as a bar or line graph, like this?
What I've done so far is the code below, but as expected, I can only have one value shown:
{
  $schema: https://vega.github.io/schema/vega-lite/v5.json
  title: Test
  // Define the data source
  data: {
    url: {
      // Apply dashboard context filters when set
      %context%: true
      // Filter the time picker (upper right corner) with this field
      %timefield%: @timestamp
      // Which index to search
      index: indexname
      // Aggregate data by the time field into time buckets, counting the number of documents in each bucket.
      body: {
        aggs: {
          "count_fields": {
            "global": {},
            "aggs": {
              "A": {
                "value_count": {
                  "field": "query.a.keyword"
                }
              },
              "B": {
                "value_count": {
                  "field": "query.b.keyword"
                }
              },
              "C": {
                "value_count": {
                  "field": "query.c.keyword"
                }
              }
            }
          }
        },
        // Speed up the response by only including aggregation results
        size: 0
      }
    }
    format: {property: "aggregations.count_fields"}
  }
  "mark": "text",
  "style": "text",
  "encoding": {"text": {"field": "A.value", "type": "string"}},
}
Thanks
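
An added example, not part of the original post: a Vega-Lite spec that uses the `fold` transform to turn the key/value aggregation object into one row per parameter, so all counts can be drawn as bars. The names `parameter`, `agg` and `count` are chosen here for illustration, and the `global` wrapper is left out on the assumption that the dashboard filters and time picker should apply (a `global` aggregation ignores the search query).

```hjson
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "title": "Most used query string parameters",
  "data": {
    "url": {
      "%context%": true,
      "%timefield%": "@timestamp",
      "index": "indexname",
      "body": {
        "size": 0,
        "aggs": {
          "A": {"value_count": {"field": "query.a.keyword"}},
          "B": {"value_count": {"field": "query.b.keyword"}},
          "C": {"value_count": {"field": "query.c.keyword"}}
        }
      }
    },
    // The response object {A: {value}, B: {value}, C: {value}} is loaded as a single row
    "format": {"property": "aggregations"}
  },
  "transform": [
    // One output row per listed key: parameter = "A" | "B" | "C", agg = {value: n}
    // ("parameter" and "agg" are illustrative names, not from the original post)
    {"fold": ["A", "B", "C"], "as": ["parameter", "agg"]},
    // Flatten the nested value into a plain numeric column ("count" is also illustrative)
    {"calculate": "datum.agg.value", "as": "count"}
  ],
  "mark": "bar",
  "encoding": {
    // Sort bars by descending count so the most used parameter is on top
    "y": {"field": "parameter", "type": "nominal", "sort": "-x", "title": "Query string parameter"},
    "x": {"field": "count", "type": "quantitative", "title": "Documents"}
  }
}
```

The keys listed in `fold` must match the aggregation names in the request body, so each new parameter needs an entry in both places.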