Kibana Visualization with "filters" on metric

Elastic Stack Kibana
1

hi , i have 4m documents on my kibana and i want to visualise some with "metric count" , all fields of my document have "string" values.

I have a CS-Method field and it returns GET or POST string value.

I tried to do a metric visualization and choose "filters" aggregation on bucket and typed CS-Method : GET

when i do this on discover it returns 2.6m documents but in metric is always 0.

Do you guyz have recommandation for this ? thx.

2

Hi Anita,
can you please share the filters queries you are using? There can be maybe an issue with the query syntax
Can you also please share the the request created by the visualization (click on Inspect from the top nav bar, switch to requests and copy the request to ES (please hide/remove any sensitive data here)

3

1 2

i tried like these but it might be wrong :slight_smile:

4

My request is like this by the way

 "aggs": {
"2": {
  "filters": {
    "filters": {
      "CS-Method : GET": {
        "bool": {
          "must": [],
          "filter": [
            {
              "bool": {
                "should": [
                  {
                    "match": {
                      "CS-Method": "GET"
                    }
                  }
                ],
                "minimum_should_match": 1
                }
              }
           ],
           "should": [],
          "must_not": []
         }
       }
      }
   }
  }
    },
  "size": 0,
  "_source": {
  "excludes": []
},
"stored_fields": [
  "*"
 ],
"script_fields": {},
"docvalue_fields": [
    {
    "field": "@timestamp",
   "format": "date_time"
  }
],
"query": {
  "bool": {
    "must": [
     {
       "range": {
         "@timestamp": {
           "format": "strict_date_optional_time",
           "gte": "2019-08-26T09:56:05.055Z",
           "lte": "2019-08-26T10:11:05.055Z"
         }
       }
      }
    ],
    "filter": [
     {
       "match_all": {}
     }
   ],
   "should": [],
   "must_not": []
   }
  }
 }
5

The query seems ok but to be sure could you please change the Filter 1 as
CS-Method.keyword : "GET"

The CS-Method field should be mapped as keyword also. It should works also the way you have wrote it's worth a try.

From the request seems that you are requesting a 15 min interval, are you sure you have data on that interval? Maybe it's worth trying a larger interval

1 Like
6

oh thank you Marco , i changed the time interval and it works i have few questions if posibble :slight_smile:

1- Do i need to refresh allways the time interval when i open the dashboard if i use this "metric visualise" or will be automatic ?

2- Will this technique work when i try to draw other charts like line bar ? (techinque i mean if i want to draw chart using string values)

7

The time picker value persistent across Discover, Visualize and Dashboard app, so if you change it on a visualization, it will be the same when switching to the dashboard.

If your index have a time field (and the index-pattern is configured with that time field, by default it is) than your queries are "time-sensitive", meaning that the results always depends on the time interval chosen.

1 Like
8

Thank you. You are best :hugs:

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.