Is there anyway that kibana can filter the data globally by aggregation?

Elastic Stack Kibana
1

I have some data like the following stored in elasticsearch, the real data is much complex.

[
{
"searchTime":112,
"agentName":"blake"
},
{
"searchTime":200,
"agentName":"david"
},
{
"searchTime":112,
"agentName":"kyle"
},
{
"searchTime":200,
"agentName":"candy"
}
]
I have set up the index patter in kibana to match this index. and I created the visualization in kibana and display them in dashboard.

and there is the requirement that I have to filter them and aggregate them in dashboard. I had tried the following ways but still failed.

1.use the filter dsl in dashboard to globally filter the data.but it shows "Visualize: [parsing_exception] no [query] registered for [aggs], with { line=1 & col=90 }"
2.use the save objected to filter the dashboard, but failed.
3.use the elastic search alias to make it work like mysql' view , but it shows "not support aggs".

Is there anyway I can filter the data like the following dsl?

The dsl:
{
"aggs": {
"group": {
"terms": {
"field": "agentName"
},
"aggs": {
"group_docs": {
"top_hits": {
"size": 1,
"sort": [
{
"searchTime": {
"order": "desc"
}
}
]
}
}
}
}
}
}
It seems that es add alias not support aggs? also kibana not support aggs to filter the data?

2

hi @Zh_C,

not 100% sure what you're trying to do, with filter by aggregation. I guess you are trying to sort your data ? If so, you specify that sorting in the visualization-editor.

3

Hi @thomasneirynck
I need to sort the data by time first and then I group them(equal to the elasticsearch aggregation) by agentName , so the final data will show the latest data for each agentName.
Based on the requirement.
I try to filter the data by dashboard filter button, because the filter support dsl , but when I apply the dsl , it shows not support aggs..
and I also try to filter the data by save obejct, but not working....

do you have any idea for this requirement? or is there any way that elasticsearch can have the same function like mysql view to reindex the index pattern?
Really thanks for your kind help.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.