Line chart with date histogram, split series and filter

Hi,

It seems clear to me that I'm obviously misunderstanding how filters are used in Kibana's visualizations and/or am using them incorrectly.

Brief background. Each document contains a unique identifier and let's say two additional fields

'infectious contact'.keyword
'lhd'.keyword

infectious839×230 15.6 KB

I create a Y axis and use a unique count of the unique identifier (which really I suppose wouldn't have to be unique).

I then create buckets and split series as per below screenshot

unfiltered1145×372 61.5 KB

The 'infectious contact'.keyword field can take the following values
Yes
No
Unknown
or it can be blank, meaning it's missing.

I thought I could create the above visualization and add a filter along the lines of:

'infectious contact'.keyword:'No'

to display only those that have a value of No recorded in this field but as soon as I do, this removes any and all lines in the graph, see screenshot below

filtered1298×403 28.1 KB

Is what I'm trying to do not possible or am I using the split series and Filter operator the wrong way?

Again, I know the above is a relatively poor explanation but I hope someone is able to make sense of it and please offer some help. In this scenario what I was hoping would show would be, for each LHD for the time period in question, show a line indicating the number of "No" responses . I would then hope to do the same with another split series and with a filter for the number of Yes responses.

Thanks for any and all help, it's much appreciated.

If you want to filter down the whole chart, you can just use the "Add filter" button in the top row:

Any filters specified as a filter pill there will be saved along with the visualization.

Thanks heaps Joe, much appreciated. This was a somewhat simplified example though, apologies for not explaining properly, but that wouldn't work if I had three additional properties that I equally wanted to display in the chart and apply filters to each of those would it?

Say for example there were three properties and each of those had a yes/no response but could equally be left unanswered. What I want to display is how many documents have been indexed but also a further breakdown (in the form of a series in the chart) where each of the below properties have an affirmative response

Do you like music
Do you like football
Do you like ice hockey

I'm probably thinking of this the wrong way. I envisioned the graph ideally showing the total number of documents for each LHD.keyword. Then I was hoping to display additional series for each of the three questions, above, where the response had been that of yes.

So LHD1 might have had ten documents in total and LHD2 8. This would show as two series. There would then be additional three series per LHD displaying how many affirmative responses had been recorded.

Does the above make sense - I feel it's a poor explanation but hope you'll be able to make sense of it and forgive my hhrrmmm stupidity.

Cheers

Ah, I see your use case now. In visualizations adding a "split series" aggregation will always be applied to all series, so you can't separately configure a "total" series + the splits in individual series.

If that's suitable for your use case, you can create the splits manually by specifying a single "filters" split series aggregation. The "total" series would just become a filter "*" (matching all documents), for the other series you can specify the filters manually.

I think the problem you are hitting is the space in the field name - to use it in the lucene filter field, it should work by escaping the space with a backslash: infectious\ contact.keyword:"No"

That's brilliant, thanks heaps Joe for all your help, much appreciated! I haven't tried this yet but am certain it'll work! Cheers

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.