Kibana Visualization with "filters" on metric

zbawio · August 26, 2019, 7:37am

hi , i have 4m documents on my kibana and i want to visualise some with "metric count" , all fields of my document have "string" values.

I have a CS-Method field and it returns GET or POST string value.

I tried to do a metric visualization and choose "filters" aggregation on bucket and typed CS-Method : GET

when i do this on discover it returns 2.6m documents but in metric is always 0.

Do you guyz have recommandation for this ? thx.

markov00 · August 26, 2019, 8:54am

Hi Anita,
can you please share the filters queries you are using? There can be maybe an issue with the query syntax
Can you also please share the the request created by the visualization (click on Inspect from the top nav bar, switch to requests and copy the request to ES (please hide/remove any sensitive data here)

zbawio · August 26, 2019, 10:18am

i tried like these but it might be wrong

zbawio · August 26, 2019, 10:23am

My request is like this by the way

 "aggs": {
"2": {
  "filters": {
    "filters": {
      "CS-Method : GET": {
        "bool": {
          "must": [],
          "filter": [
            {
              "bool": {
                "should": [
                  {
                    "match": {
                      "CS-Method": "GET"
                    }
                  }
                ],
                "minimum_should_match": 1
                }
              }
           ],
           "should": [],
          "must_not": []
         }
       }
      }
   }
  }
    },
  "size": 0,
  "_source": {
  "excludes": []
},
"stored_fields": [
  "*"
 ],
"script_fields": {},
"docvalue_fields": [
    {
    "field": "@timestamp",
   "format": "date_time"
  }
],
"query": {
  "bool": {
    "must": [
     {
       "range": {
         "@timestamp": {
           "format": "strict_date_optional_time",
           "gte": "2019-08-26T09:56:05.055Z",
           "lte": "2019-08-26T10:11:05.055Z"
         }
       }
      }
    ],
    "filter": [
     {
       "match_all": {}
     }
   ],
   "should": [],
   "must_not": []
   }
  }
 }

markov00 · August 26, 2019, 10:39am

The query seems ok but to be sure could you please change the Filter 1 as
CS-Method.keyword : "GET"

The CS-Method field should be mapped as keyword also. It should works also the way you have wrote it's worth a try.

From the request seems that you are requesting a 15 min interval, are you sure you have data on that interval? Maybe it's worth trying a larger interval

zbawio · August 26, 2019, 10:43am

oh thank you Marco , i changed the time interval and it works i have few questions if posibble

1- Do i need to refresh allways the time interval when i open the dashboard if i use this "metric visualise" or will be automatic ?

2- Will this technique work when i try to draw other charts like line bar ? (techinque i mean if i want to draw chart using string values)

markov00 · August 26, 2019, 10:47am

The time picker value persistent across Discover, Visualize and Dashboard app, so if you change it on a visualization, it will be the same when switching to the dashboard.

If your index have a time field (and the index-pattern is configured with that time field, by default it is) than your queries are "time-sensitive", meaning that the results always depends on the time interval chosen.

zbawio · August 26, 2019, 10:48am

Thank you. You are best

system · September 23, 2019, 10:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.