Kibana Vega viz plug-in: multiple aggregations: how-to?


(Mike Nielsen) #1

The Vega viz plugin for Kibana is really good!

I'm having a slight problem though, and I fear I might be going past the capability of the plugin.

What I would like to produce is a graphic with multiple rows, one for each "site", with each row comprising dates on the X-axis with the document count for each site/date displayed as a bar.

What I get with the following is a blank screen.

Can this be done?

Here's my specification:

 {
  "$schema": "https://vega.github.io/schema/vega-lite/v2.json",
  "title": "Event counts from all indexes",
  "data": {
    "url": {
      "index": "prd-vizql-*",
      "body": {
        "aggs": {
          "site": {
            "aggs": {
              "date": {
                "aggs": {
                  "sessions": {
                    "terms": {
                      "size": 500,
                      "field": "json.v.sess.keyword"
                    }
                  }
                },
                "date_histogram": {
                  "field": "@timestamp",
                  "interval": "day",
                  "min_doc_count": 0
                }
              }
            },
            "terms": {
              "size": 500,
              "field": "json.v.site.keyword"
            }
          }
        },
        "size": 0,
        "query": {
          "bool": {
            "filter": [
              {"exists": {"field": "json.v.workbook"}},
              {"terms": {"json.k.keyword": ["create-session"]}}
            ]
          }
        }
      }
    },
    "format": {"property": "aggregations.site.buckets"}
  },
  "mark": "bar",
  "encoding": {
    "x": {
      "field": "date.buckets.key",
      "type": "temporal",
      "axis": {"title": false, "grid": false}
    },
    "y": {
      "field": "date.buckets.doc_count",
      "type": "quantitative",
      "axis": {"title": "Document count"}
    },
    "row": {"field": "key", "type": "nominal", "header": "Site"}
  }
}

and here's a sample of my data:

 "aggregations": {
    "site": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "XYZ Company",
          "doc_count": 324,
          "date": {
            "buckets": [
              {
                "key_as_string": "2018-01-16T00:00:00.000Z",
                "key": 1516060800000,
                "doc_count": 36,
                "sessions": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": [
                    {
                      "key": "0513156BCA584D4D8AAB5ACDD18B175D-0:0",
                      "doc_count": 1
                    },
                    {
                      "key": "062B082F67534A0BBA7CD3A939AFE32F-0:2",
                      "doc_count": 1
                    },
                    {
                      "key": "067189C42986479D86E59BB2D14B349B-0:2",
                      "doc_count": 1
                    },
                    {
                      "key": "0A31D32462604F0D88BDF495FA8327DD-0:0",
                      "doc_count": 1
                    },

(Yuri Astrakhan) #2

@nielsen-at-cgt Vega-Lite does not have a good built-in handling of nested data results, so I would advise you use composite aggregation.
See an example in the video linked from the recent Vega blog post.

If you need to process nested data, you can use full Vega language instead - the "group" mark can be used to draw pre-faceted data.


(Mike Nielsen) #3

Thanks Yuri, I will look into that.




(Yuri Astrakhan) #5

Update: Vega has added a flatten transform, which will be available in Kibana 6.3, as well as in 6.0 & 6.1 as a plugin (and hopefully I will update the Vega plugin to support 6.2 soonish).
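
What flattening the nested response from post #1 amounts to, as an added example that is not part of the thread or of the Vega plugin: `date.buckets` is an array under each site bucket, so a field path such as `date.buckets.key` has no single value to encode, and the rows have to be unrolled to one per site and day first. The function name, the output field names and the sample response (shaped like the one in post #1, with shortened session keys and a second site) are constructed for illustration.

```javascript
// Added example: unroll terms -> date_histogram buckets into flat rows.
// Constructed sample shaped like the response in post #1.
const sampleResponse = {
  aggregations: {
    site: {
      buckets: [
        {
          key: "XYZ Company",
          doc_count: 324,
          date: {
            buckets: [
              { key_as_string: "2018-01-16T00:00:00.000Z", key: 1516060800000, doc_count: 36,
                sessions: { buckets: [{ key: "s1", doc_count: 1 }, { key: "s2", doc_count: 1 }] } },
              // min_doc_count: 0 produces empty days like this one
              { key_as_string: "2018-01-17T00:00:00.000Z", key: 1516147200000, doc_count: 0,
                sessions: { buckets: [] } }
            ]
          }
        },
        // Constructed second site with no date buckets at all
        { key: "Constructed Site B", doc_count: 0, date: { buckets: [] } }
      ]
    }
  }
};

// One output row per (site, day). A site without date buckets yields no rows.
function flattenSiteDateBuckets(response) {
  const sites = response?.aggregations?.site?.buckets ?? [];
  const rows = [];
  for (const site of sites) {
    for (const day of site.date?.buckets ?? []) {
      rows.push({
        site: site.key,
        date: day.key, // epoch milliseconds, usable as a "temporal" field
        doc_count: day.doc_count,
        // Number of session buckets returned; bounded by the terms "size" in the query
        sessions: day.sessions?.buckets?.length ?? 0
      });
    }
  }
  return rows;
}

console.log(flattenSiteDateBuckets(sampleResponse));
```

With rows in this shape, the encoding from post #1 maps to plain field names: `date` on x, `doc_count` on y and `site` as the row facet.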