Kibana Visualization

Sh3ldoris · October 8, 2020, 12:38pm

Hi everyone,
I'm using Kibana 7.9.2 and I've made this query in DevTools console:

POST audit/_search
{
  "size": 0,
  "aggs": {
    "sales_per_month": {
      "date_histogram": {
        "field": "timestamp",
        "calendar_interval": "month"
      },
      "aggs": {
        "DOT_START": {
          "filter": {
            "term": {
              "type": "DOT_START"
            }
          },
          "aggs": {
            "my_count": {
              "value_count": {
                "field": "type"
              }
            }
          }
        },
        "DOT_FAILED_TIMEOUT": {
          "filter": {
            "term": {
              "type": "DOT_FAILED_TIMEOUT"
            }
          },
          "aggs": {
            "my_count": {
              "value_count": {
                "field": "type"
              }
            }
          }
        },
        "ROZDIEL": {
          "bucket_script": {
            "buckets_path": {
              "dot_start": "DOT_START>pocet",
              "dot_failed": "DOT_FAILED_TIMEOUT>pocet"
            },
            "script": "params.dot_start - params.dot_failed"
          }
        }
      }
    }
  }
}

I'm trying to get count of single values in filed type, then I want just subtract them.
But I need to create some visualization of the subtraction result and I cannot find any solution. Have you guys any suggestions on how I can do it?
Thans a lot.

dosant · October 8, 2020, 3:29pm

Hey @Sh3ldoris,

I didn't dig into details, but it might be that timelion is the tool you are looking for.

Sh3ldoris · October 9, 2020, 6:48am

Thanks for the quick response,
but unfortunately, I just want to visualize the result number and as I know timelion is more for working with graphs...I would like to make something like Metric visualization with just number shown.

Sh3ldoris · October 9, 2020, 9:19am

So far, I've divided my data into buckets by Term and aggregated by Count:

So is there any way how I can get a count of field type for example with value "DOT_START"? I mean like in math aggregation where then I could do some subtraction or whatever.

dosant · October 12, 2020, 8:53am

@Sh3ldoris, Sorry for the initial confusing with the timelion.

Unfortunately Kibana doesn't fully support bucket_script aggregations yet. Here is the issue to track: https://github.com/elastic/kibana/issues/4707. But something is possible with TSVB.

I found this example and I think it should be possible in similar fashion to achieve your goal.

Create a scripted field or reinvest you documents and add additional fields like: dotStart: boolean; dotTimeout: boolean.
Use sum aggregation and them bucket script to subtract 2 sums. (Similar as described in Weighted Average in a DataTable of Kibana)

Maybe there is a simpler way, but, I think suggested way should also work.

system · November 9, 2020, 8:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.