Nested aggregation charts

Having this example mapping
{ "mappings": { "scanner": { "properties": { "profiler": { "include_in_parent": true, "properties": { "module": { "analyzer": "not_analyzed_lower1024", "type": "string" }, "cputime": { "type": "long" } }, "type": "nested" } } } } }

is there currently a way (even a hacky way) to reproduce nested highlight from K3 for profiler.module as a key field and mean of profiler.cputime as a value field?

K3example.png1875×451 108 KB

Echoing the IRC response here for consistency:

@rashidkpc: yeah, currently no way todo that

So yes it is hacky but you can do it as follws in that fork of k3 https://github.com/immunochomik/kibana3 you open profiler.module in terms tab, then on the bottom of the tab there is a button 'Make Queries' - when you press that it will make queries for all the therms that is single query for each value of profiler.module (assuming the cardinality is reasonable let say up to 12 as on your example) , and then on the time histogram you can set value field to profiler.cputime and vuala.
There is a bug there that I am planing to fix, if the terms are made of more than one word it should put "" around them in queries and it does not do that, very simple fix there.

So there are things that you can not do and there is no point in my opinion in adding them to k3 for example there are no value based histograms, but you have them in k4 so no point in reimplementing that, I think k3 is useful for events discovery, assessment of volumes of events in time based data, where k4 even k4.4 just does not do that well

Tibor_Schmidt are you using out-of-the-box or forked version of K3 to produce that chart? If it's a fork, could you link to it? Also could you post a screenshot of your panel config?

@tbragin It's private fork, main dev is mostly c++/python/(java) guy and the changes are "hacked in" just to make work what we needed.

Do you think it would be worth to share? I could try to persuade him.

panel_config.png1896×498 23.7 KB