Kibana JSON Input Question

Can someone please explain to me how I can create a JSON input that would retrieve the latest version of the document based on a timestamp? For example, I have the following:

{"Name": "Joe", "Age": 24, "Job": "Tester", "Timestamp": },
{"Name": "Tony", "Age": 27, "Job": "Software Developer", "Timestamp": },
{"Name": "Angela", "Age": 24, "Job": "Engineer", "Timestamp": },
{"Name": "Joe", "Age": 25, "Job": "Engineer", "Timestamp": },

How can I do it so that I only see the latest version of a document based on the name?

Someone please help. I have been trying to find a tutorial on this JSON Input thing, but I am having an extremely hard time understanding this.

Hi there,

All that really happens with JSON inputs is that the JSON gets included along with the rest of the aggregation generated by the editor and sent to Elasticsearch. The docs on aggregations explain the options for these in more detail, but we most commonly see folks using them to include inline scripts to run against the selected field, e.g.

{
  "script": {
    "inline": "doc['name'].value ...whatever",
    "lang": "painless"
  }
}

The important thing to keep in mind is that these scripts are run on a per document basis, meaning the only information that's available to the script is what lives inside the individual document -- so I can't think of a way to do what you're describing with JSON inputs.

How are you hoping to visualize your data? Understanding what you're trying to do might help me to point you in the right direction.

By the sounds of things, you are wanting to visualize raw documents, which is tricky because Kibana visualizations are generally based on aggregated data. One idea I had off the top of my head for achieving this using a data table visualization:

  • Unique count metric agg on the Name
  • Split rows by terms agg on the Name, and then order descending by a custom metric using a max agg on the Timestamp

This would (I think) show you the results you're looking for.

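The data table suggested in the reply above corresponds to a terms aggregation on the name, ordered by a max sub-aggregation on the timestamp. The following is an added example, not part of the thread and not Kibana's own generated request: the function names are hypothetical, the `Name.keyword` sub-field and the timestamps are assumptions, and the `top_hits` sub-aggregation (not mentioned in the reply) is included to return the newest document's other fields.

```python
from datetime import datetime

# Constructed sample documents: the timestamps are invented for this example
# (the sample rows in the thread do not show theirs).
DOCS = [
    {"Name": "Joe", "Age": 24, "Job": "Tester", "Timestamp": "2018-03-01T09:00:00"},
    {"Name": "Tony", "Age": 27, "Job": "Software Developer", "Timestamp": "2018-03-02T09:00:00"},
    {"Name": "Angela", "Age": 24, "Job": "Engineer", "Timestamp": "2018-03-03T09:00:00"},
    {"Name": "Joe", "Age": 25, "Job": "Engineer", "Timestamp": "2018-03-04T09:00:00"},
]

def latest_per_name_request(name_field="Name.keyword", ts_field="Timestamp", size=10):
    """Elasticsearch search body: one bucket per name, newest bucket first.

    name_field assumes a keyword sub-field exists for the name (an assumption).
    """
    return {
        "size": 0,  # aggregation results only, no raw hits
        "aggs": {"by_name": {
            # Buckets are ordered by the "latest" max sub-aggregation below.
            "terms": {"field": name_field, "size": size, "order": {"latest": "desc"}},
            "aggs": {
                "latest": {"max": {"field": ts_field}},
                # Not in the reply: top_hits returns the newest document itself.
                "latest_doc": {"top_hits": {"size": 1,
                                            "sort": [{ts_field: {"order": "desc"}}]}},
            },
        }},
    }

def emulate(docs, name_key="Name", ts_key="Timestamp"):
    """Offline reference for the same reduction: newest doc per name, newest first."""
    newest = {}
    for doc in docs:
        ts = datetime.fromisoformat(doc[ts_key])
        if doc[name_key] not in newest or ts > newest[doc[name_key]][0]:
            newest[doc[name_key]] = (ts, doc)
    return [doc for _, doc in sorted(newest.values(), key=lambda p: p[0], reverse=True)]

if __name__ == "__main__":
    import json
    print(json.dumps(latest_per_name_request(), indent=2))
    for row in emulate(DOCS):
        print(row)
```
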

Hi Lukeelmers,

Thanks for the response! I will go ahead and try that out. Yes, the previous post was a duplicate. Also, I attempted to do a unique count against the name field, but the count came out to be one more than expected.

Also, is it possible to modify the order of a legend in Kibana? Some of our visualizations have "Yes" first followed by "No", while others have "No" first followed by "Yes". We were wondering if it is possible to make that change.

Thanks,

In point series visualizations, the ordering of the legend matches whatever the order was of the first bucket to come back in the results, and is therefore not deterministic.

So for example, in time series data, the legend ordering could differ based on the timerange you have selected, as the first bucket to come back in the results would be different.

This is something we want to improve eventually as it has led to confusion in the past... if you are interested, feel free to follow along with the GitHub issue.
