Kibana discovery error

Roshan_Jha · April 20, 2020, 3:48am

I am executing aggregation query in kibana discovery but it giving me error [parsing_exception] no [query] registered for [aggs], which is working fine in dev tools.

Here is the query which i am using.

   {
  "aggs": {
"users": {
  "terms": {
    "field": "principal.keyword"
  },
  "aggs": {
    "last_visted_date": {
      "max": {
        "field": "timestamp"
      }
    },
    "activity_login": {
      "filter": {
        "term": {
          "action.keyword": "LOGIN"
        }
      },
      "aggs": {
        "last_login_date": {
          "max": {
            "field": "timestamp"
          }
        }
      }
    },
    "active_users": {
      "bucket_selector": {
        "buckets_path": {
          "lastvisted": "last_visted_date",
          "lastlogindate": "activity_login>last_login_date"
        },
        "script": "if(params.lastvisted==params.lastlogindate){return true;}else{return false;}"
      }
    }
  }
}
  }
}

Here is the error i am getting

[parsing_exception] no [query] registered for [aggs]

flash1293 · April 20, 2020, 7:51am

What exactly are you trying to achieve? The Discover app (if that's what you are referring to), is a tool to display individual documents, it's not meant to show aggregated data. If you want to visualize a custom Elasticsearch query, I recommend using the "vega" visualization.

Roshan_Jha · April 20, 2020, 8:55am

Thanks a lot, so you are saying that the visualization for aggregated result can be achieved with vega visalization right ?.

flash1293 · April 20, 2020, 10:49am

Yes, exactly. I’m the documentation and out in the web you can find examples on how to wire it up.

system · May 18, 2020, 10:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.