The vega viz plugin for kibana is really good!
I'm having a slight problem though, and I fear I might be going past the capability of the plugin.
What I would like to produce is a graphic with multiple rows, one for each "site", with each row comprising dates on the X-axis with the document count for each site/date displayed as a bar.
What I get with the following is a blank screen.
Can this be done?
Here's my specification:
{
"$schema": "https://vega.github.io/schema/vega-lite/v2.json",
"title": "Event counts from all indexes",
"data": {
"url": {
"index": "prd-vizql-*",
"body": {
"aggs": {
"site": {
"aggs": {
"date": {
"aggs": {
"sessions": {
"terms": {
"size": 500,
"field": "json.v.sess.keyword"
}
}
},
"date_histogram": {
"field": "@timestamp",
"interval": "day",
"min_doc_count": 0
}
}
},
"terms": {
"size": 500,
"field": "json.v.site.keyword"
}
}
},
"size": 0,
"query": {
"bool": {
"filter": [
{"exists": {"field": "json.v.workbook"}},
{"terms": {"json.k.keyword": ["create-session"]}}
]
}
}
}
},
"format": {"property": "aggregations.site.buckets"}
},
"mark": "bar",
"encoding": {
"x": {
"field": "date.buckets.key",
"type": "temporal",
"axis": {"title": false, "grid": false}
},
"y": {
"field": "date.buckets.doc_count",
"type": "quantitative",
"axis": {"title": "Document count"}
},
"row": {"field": "key", "type": "nominal", "header": "Site"}
}
}
and here's a sample of my data:
"aggregations": {
"site": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "XYZ Company",
"doc_count": 324,
"date": {
"buckets": [
{
"key_as_string": "2018-01-16T00:00:00.000Z",
"key": 1516060800000,
"doc_count": 36,
"sessions": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "0513156BCA584D4D8AAB5ACDD18B175D-0:0",
"doc_count": 1
},
{
"key": "062B082F67534A0BBA7CD3A939AFE32F-0:2",
"doc_count": 1
},
{
"key": "067189C42986479D86E59BB2D14B349B-0:2",
"doc_count": 1
},
{
"key": "0A31D32462604F0D88BDF495FA8327DD-0:0",
"doc_count": 1
},