Kibana discovery error

I am executing aggregation query in kibana discovery but it giving me error [parsing_exception] no [query] registered for [aggs], which is working fine in dev tools.

Here is the query which i am using.

   {
  "aggs": {
"users": {
  "terms": {
    "field": "principal.keyword"
  },
  "aggs": {
    "last_visted_date": {
      "max": {
        "field": "timestamp"
      }
    },
    "activity_login": {
      "filter": {
        "term": {
          "action.keyword": "LOGIN"
        }
      },
      "aggs": {
        "last_login_date": {
          "max": {
            "field": "timestamp"
          }
        }
      }
    },
    "active_users": {
      "bucket_selector": {
        "buckets_path": {
          "lastvisted": "last_visted_date",
          "lastlogindate": "activity_login>last_login_date"
        },
        "script": "if(params.lastvisted==params.lastlogindate){return true;}else{return false;}"
      }
    }
  }
}
  }
}

Here is the error i am getting

[parsing_exception] no [query] registered for [aggs]

What exactly are you trying to achieve? The Discover app (if that's what you are referring to), is a tool to display individual documents, it's not meant to show aggregated data. If you want to visualize a custom Elasticsearch query, I recommend using the "vega" visualization.

Thanks a lot, so you are saying that the visualization for aggregated result can be achieved with vega visalization right ?.

Yes, exactly. I’m the documentation and out in the web you can find examples on how to wire it up.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.