Metric visualization shows no results instead of 0 in count aggregation with terms exclusion

Elastic Stack Kibana
1

Hi,
I've created a Metric visualization with 2 metrics:

  1. Top hit aggregation on "name" field that I have
  2. Count aggregation

On top of that I created a filter to get only the results from the recent minute.
So, I get a count of the distinct names that were present in the recent minute.
Furthermore, I had to exclude some of these results by a "status" field - I wanted to get the count of the distinct names with that status "error" only.
So I added a Buckets Terms aggregation with include "ERROR".
It works well, but when there are no suitable results at all, I get "no results found" in the visualization, which looks quite ugly. I'd like it to show 0. How can I achieve that?
Is it possible in the metric visualization? If not, is there another visualization that can meet my needs?

Here is the visualization:

image

and here it is when no results are found:

image

2

Hi @Chenlrv can you please tell me if you used the TSVB metric visualization or a standard metric visualization or you created one on Canvas?
If you can send me also the version of Kibana you are running I can take a look and see if this is actually a bug or something that we haven't think of

3

Hi @markov00 , I used the standard metric visualization : image

Kibana version is 7.9.0

4

Can you also send me the current configuration on the editor, I'm not sure I've 100% understood how you are configuring this and in particular where you used the top hit aggregation and the terms one.

Because if you are looking to have a metric that describes the number of unique faulty devices, you can simply have a unique count metric aggregation and then apply a filter on the error status code.

5

You are right, the top hit aggregation was disabled in the visualization. I use count aggregation with filter on "ERROR" status code

6

could you please post here the request and response available from the Inspect panel because I've tested locally and I can't reproduce the issue:

Screenshot 2020-10-14 at 14.45.47
Screenshot 2020-10-14 at 14.45.471522×792 109 KB

7

Sure, for the exmaple I changed the filter to "WARNING" status (which gives no results found).
Request:

   "aggs": {
     "2": {
       "terms": {
         "field": "database.itraffic.status",
         "order": {
           "_key": "desc"
         },
         "size": 5,
         "include": "WARNING"
       }
     }
   },
   "size": 0,
   "stored_fields": [
     "*"
   ],
   "script_fields": {},
   "docvalue_fields": [
     {
       "field": "@timestamp",
       "format": "date_time"
     }
   ],
   "_source": {
     "excludes": []
   },
   "query": {
     "bool": {
       "must": [],
       "filter": [
         {
           "match_all": {}
         },
         {
           "range": {
             "@timestamp": {
               "gte": "now-1m",
               "lt": "now"
             }
           }
         },
         {
           "range": {
             "@timestamp": {
               "gte": "2020-10-14T12:45:40.122Z",
               "lte": "2020-10-14T13:00:40.122Z",
               "format": "strict_date_optional_time"
             }
           }
         }
       ],
       "should": [],
       "must_not": []
     }
   }
 }

and response:

 "took": 21,
 "timed_out": false,
 "_shards": {
   "total": 120,
   "successful": 120,
   "skipped": 112,
   "failed": 0
 },
 "hits": {
   "total": 160,
   "max_score": null,
   "hits": []
 },
 "aggregations": {
   "2": {
     "doc_count_error_upper_bound": 0,
     "sum_other_doc_count": 0,
     "buckets": []
   }
 }
}```
8

Thanks, what is the desired outcome with the specification of the include: "WARNING" filter in the terms aggregation? what do you want to achieve with that? because this filters the returned bucket returning only buckets with that specific status and in your case seems that you don't have buckets on the selected interval to satisfy that clause: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#_filtering_values_4

I'm also seeing that you are specifying also another time filter last minute and I think that will not produce the wanted result. I think this can be achieved with TSVB metric visualization as described in this other reply: Get visualization of missing data

9

I expect that if there are no such results, the metric will show 0 and not "no results found", that's the desired behavior. How can I achieve that? I use last minute filter because I want to show the number of devices that got status error in the last minute

10

@markov00 I tried the TSVB metric as you suggested, indeed it almost meets all of my needs - it does show count 0 when there are no results, but the font is too small, and could not find a way to make it bigger.. in the metric visualization the font size is customizable, we want it to look very big.

11

What you can do is to use the same TSVB configuration and use Markdown, you should be able to print out your text and change the css style for that increasing the font size as you prefer.
Could you please create an enhancement request for the font style/size of TSVB metric here so we can see if we can put that on our roadmap https://github.com/elastic/kibana/issues/new?template=Feature_request.md

12

@markov00 Markdown also lets me change the background color depends on the count number? I want to background color to be green on 0 and to be red when bigger than 0.

13

I'm sorry, unfortunately not at the moment

14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.