Nested query in Kibana

Invictus · May 9, 2018, 8:20am

Hi members,

I have a problem concerning an visualization.

dockerelk_elasticsearch-master_2
dockerelk_kibana_1
dockerelk_elasticsearch-master_1
elasticsearch-coordinating
dockerelk_metricbeat_1
dockerelk_elasticsearch_3
dockerelk_elasticsearch_2
dockerelk_logstash_1
dockerelk_elasticsearch_1

0.033
0.011
0.036
0.045
0.002
0.205
0.207
0.065
0.199
SUM 0.81

So that are my containers with the memory %. And in the visualization table it is quiet easy to sum all entries.

Now I want the SUM 0.81% in a several visualization gauge.
So I have tried several things but I dont now how to say:
Get from all Container.names the Max Memory.usage.pct and build the total sum and visualize it as gauge

Has someone a solution? Thanks for advice.

bhavyarm · May 9, 2018, 2:06pm

@thomasneirynck do we support nested queries?

Thanks,
Bhavya

thomasneirynck · May 9, 2018, 3:36pm

hi @Invictus,

That sum in the table is calculated by Kibana and not be Elasticsearch.

Can you express that total sum using a Sum-bucket pipeline aggregation? It'd look something like:

Invictus · May 14, 2018, 12:15pm

Yes, what worked. It was a big fail from my part.
I made this aggregation via Sum Bucket before and I forgot to set the Size to 10, because of 10 Containers. So the value was to low 0.325% now I set the Size to 10 and i got the same value as in the data table.

Thanks for your reply, Thomas.

system · June 11, 2018, 12:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.